This post was originally published here by Edward Smith.
Amazon Web Services provides highly secure on-demand cloud computing services that serve as the building blocks you need to quickly start developing applications and deploy them to the cloud. AWS Virtual Public Cloud (VPC) makes it easier for you to isolate resources, route net traffic, and protect your instances.
However, to ensure the security of your AWS VPC, it’s important to fulfill your end of the shared responsibility model by using and configuring the service correctly. Ideally this is done according to best practices, by making sure things such as redundant VPN tunnels and correct traffic ACLs are in place, and that you have visibility to Virtual Private Cloud endpoints.
What is AWS VPC?
Amazon VPC allows you to create virtual networks for your AWS resources, primarily for network segmentation which improves security by enforcing boundaries for network communication. In a nutshell, a Virtual Private Cloud is a logically isolated virtual network, spanning an entire AWS Region, where yourEC2 instances are launched.
The primary purpose of an Amazon VPC is enabling the following capabilities:
- Isolating your AWS resources from other accounts
- Routing network traffic to and from your instances
- Protecting your instances from network intrusion
What are the Risks to a Misconfigured AWS Virtual Private Cloud?
- Network outages (for example a bad actor shutting down traffic)
- Critical systems and networks exposed to the public Internet due to incorrect ACLs
- Undiscovered bad traffic because network flow logs are not enabled
- Exposed VPC endpoints where full access is allowed for any IAM user or service
How can Halo Cloud Secure Helps to Secure Your AWS Virtual Private Cloud?
- Checks for VPN tunnel redundancy to avoid disruption if one link goes down
- Makes sure you don’t allow unrestricted traffic in ACLs
- Checks that flow logs are enabled on VPC subnets to help you discover bad traffic
- Finds exposed VPC endpoints