Skip to main content

AWS Firewall- Samurai Warriors

In MNCs, we have separate Network and Security teams – which is good by the way. They have the proper tool to block incoming or outgoing traffic. For this, they set up a firewall on their side which helps them establish a Network Control Centre.

But managing this firewall is not easy and cheap because you have to purchase a license and to maintain that you need SMEs for particular that firewall. So to overcome all these issues we now have a managed service that is AWS Firewall.

So what were the current Requirements that help me go deep-dive into this?

  1. We need to block some Public URLs for our egress traffic.

  2. We want to do so with a managed service.

  3. It should be quite easy to implement

  4. No Hustle and Bustle is required for setting and maintaining the firewall

  5. It should be a centralized Service. Should have control over your multiple accounts. Ex- It would be treated as Single Control Network for multi Accounts So, to fulfill all these requirements. The first fully managed service that came to my mind is the AWS firewall.


Basic Requirements:

  1. AWS Account

  2. Basic knowledge of the Creation of VPC and Subnets and EC2 and transit Gateway

  3. Please read the first Blog Transit Gateway Setup on AWS.


The Diagram has some basic terms:

  1. Hub VPC: It’s a VPC in which your transit gateway is residing

  2. Spoke VPC: It’s your VPC that has to be exposed to the firewall

  3. Availability Zones: It’s your isolated location in which you have made your VPC

  4. VPC: Virtual Private Cloud is like your data-center

  5. Public/Private subnet: Public are those which are exposed to Internet and Private are not exposed

  6. NAT/Internet gateway: They are just like your routers which help you to connect to the outer world


[ Good Read: What Is Data Science? ]


We will do implementation in 4 Steps:

First, we will set up Transit Gateway:

  1. Click on Create Transit GATEWAY: Select NAME > SELECT DESCRIPTION > CREATE TRANSIT GATEWAY

  2. Now CREATE two ROUTE TABLE :

  3. FIREWALL-ROUTE-TABLE

  4. SPOKE-ROUTE-TABLE

  5. Now Create a TGW attachment for the VPC which you want to peer

  6. If you want to peer VPC in the different account you just need to share that Transit gateway to a particular Account and create a new attachment from that account For more information refer to this blog transit gateway.


You can check more info about: AWS Firewall.

Comments

Popular posts from this blog

Step-by-Step Guide to Cloud Migration With DevOps

This successful adoption of cloud technologies is attributed to scalability, security, faster time to market, and team collaboration benefits it offers. With this number increasing rapidly among companies at all levels, organizations are  looking forward to the methods that help them: Eliminate platform complexities Reduce information leakage Minimize cloud operation costs To materialize these elements, organizations are actively turning to DevOps culture that helps them integrate development and operations processes to automate and optimize the complete software development lifecycle. In this blog post, we will discuss the step-by-step approach to cloud migration with DevOps. Steps to Perform Cloud Migration With DevOps Approach Automation, teamwork, and ongoing feedback are all facilitated by the DevOps culture in the cloud migration process. This translates into cloud environments that are continuously optimized to support your business goals and enable faster, more seamless mi...

Migration Of MS SQL From Azure VM To Amazon RDS

The MongoDB operator is a custom CRD-based operator inside Kubernetes to create, manage, and auto-heal MongoDB setup. It helps in providing different types of MongoDB setup on Kubernetes like-  standalone, replicated, and sharded.  There are quite amazing features we have introduced inside the operator and some are in-pipeline on which deployment is going on. Some of the MongoDB operator features are:- Standalone and replicated cluster setup Failover and recovery of MongoDB nodes Inbuilt monitoring support for Prometheus using MongoDB Exporter. Different Kubernetes-related best practices like:- Affinity, Pod Disruption Budget, Resource management, etc, are also part of it. Insightful and detailed monitoring dashboards for Grafana. Custom MongoDB configuration support. [Good Read:  Migration Of MS SQL From Azure VM To Amazon RDS  ] Other than this, there are a lot of features are in the backlog on which active development is happening. For example:- Backup and Restore...

Top 5 DevSecOps Trends In 2024

In the ever-evolving landscape of software development and IT operations, the paradigm of DevSecOps has emerged as a linchpin for ensuring the security and efficiency of digital ecosystems. The integration of development, security and operations is not just a methodology but a dynamic force shaping the future of software delivery. This blog aims to be your guide through the latest trends in DevSecOps, unveiling the  Top 5 DevSecOps trends in 2024  that will rule the world of DevOps security. From the heightened emphasis on DevSecOps automation to the fusion of artificial intelligence with security practices, these trends embody the pulse of a field where resilience and adaptability are paramount. As businesses increasingly rely on DevSecOps to fortify their software development life cycles, understanding the latest trends becomes crucial. Join us in exploring the cutting-edge advancements that will redefine the very essence of DevSecOps and its role in securing digital fro...