
Key components of a VPC – Infrastructure Security – Keeping Your VPC secure
Key components of a VPC
Before we explore security strategies, let’s briefly revisit the building blocks of a VPC to understand their role in enhancing your AWS environment’s security.
Subnets
A subnet, also known as a subnetwork, is a logical partition of a larger network – in this case, your VPC. Each subnet is associated with a specific availability zone (AZ) and is allocated a unique range of IP addresses. This allocation allows for precise control over network communication and resource distribution, thereby enhancing the security and efficiency of your network operations. Subnets are differentiated into two main types:
- Public subnets: These host resources that require direct internet connectivity. The defining feature of a public subnet is its route table: it contains a route (normally the default route, 0.0.0.0/0) whose target is the internet gateway (IGW), enabling both outbound and inbound internet traffic. A resource in a public subnet is reachable from the internet only if it additionally has a public IPv4 address or an Elastic IP and its security group and network ACL permit the traffic; a public IP in a subnet without an IGW route is not reachable.
- Private subnets: These are reserved for resources that should not be reachable from the internet, such as backend systems or databases. Their route table has no route to an internet gateway, so no connection can be initiated from the internet. Where such resources need outbound access (package updates, calls to AWS APIs), the default route points at a NAT gateway instead, which permits outbound connections but does not accept unsolicited inbound ones. Note that having only a private IP address is not what makes a resource private; the absence of an IGW route is.
A fundamental aspect of network security lies in the distinction between public and private subnets, which minimizes the attack surface by segregating resources based on their connectivity needs. This segregation is governed by the subnet’s route table, which directs network traffic within the VPC and beyond, including to and from the internet.
Route tables
Route tables define the network traffic flow within your VPC. They consist of a set of rules, known as routes, each of which maps a destination CIDR block to a target such as the local VPC network, an internet gateway, a NAT gateway, or a VPC peering connection. Every route table contains a local route for the VPC’s CIDR range that cannot be removed; everything else is under your control. By carefully configuring your route tables, you can control the traffic flow in your VPC and enforce a strong network security posture. For example, you can ensure that the public subnet’s default route points at the internet gateway, while the private subnet’s default route points at a NAT gateway or does not exist at all, thereby protecting your sensitive resources from direct internet exposure. One caveat matters in practice: a subnet that has not been explicitly associated with a route table uses the VPC’s main route table. If the main route table carries a route to the internet gateway, any subnet you forget to associate silently becomes public, so keep the main route table free of IGW routes and associate every subnet explicitly.
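The following script is an added example and is not code from this chapter. It applies the public/private definition from the two sections above to constructed, offline data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-subnets` (trimmed to the fields it uses), so it runs without AWS credentials. All VPC, subnet, route-table and gateway IDs are made up. It classifies each subnet by the route table that actually governs it, including the main-route-table fallback for subnets with no explicit association, and flags the misconfigurations discussed above.

```python
"""Classify the subnets of a VPC as public or private from route-table data.

Added example, not code from the chapter. Runs offline on constructed input
shaped like `aws ec2 describe-route-tables` / `aws ec2 describe-subnets`
output (trimmed). All IDs below are made up for the example.
"""

# Constructed sample: a VPC whose main route table (wrongly) carries an IGW route.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-main0001",
        "Associations": [{"Main": True}],  # governs subnets with no explicit association
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-public01",
        "Associations": [{"Main": False, "SubnetId": "subnet-web0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-private01",
        "Associations": [{"Main": False, "SubnetId": "subnet-db0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            # Outbound-only internet access via NAT; there is no route to an IGW.
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
        ],
    },
]

SUBNETS = [
    {"SubnetId": "subnet-web0001", "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-db0001", "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": False},
    # Meant to be private, but never associated with a route table.
    {"SubnetId": "subnet-app0001", "AvailabilityZone": "eu-west-1b", "MapPublicIpOnLaunch": False},
]


def governing_route_table(subnet_id, route_tables):
    """Return (route_table, explicit): the table explicitly associated with the
    subnet, or else the VPC's main table, which AWS applies by default."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt, True
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError("route table data contains no main table")
    return main, False


def has_igw_route(route_table):
    """True if any active route in the table targets an internet gateway.
    This, not the instances' IP addresses, is what makes a subnet public."""
    return any(
        r.get("State") == "active" and str(r.get("GatewayId", "")).startswith("igw-")
        for r in route_table.get("Routes", [])
    )


def classify_subnets(subnets, route_tables):
    """Map each subnet ID to its public/private classification and warnings."""
    result = {}
    for s in subnets:
        rt, explicit = governing_route_table(s["SubnetId"], route_tables)
        public = has_igw_route(rt)
        warnings = []
        if public and not explicit:
            warnings.append(
                f"no explicit association: inherits an IGW route from main table {rt['RouteTableId']}; "
                "associate it with a private route table if it should not be internet-facing"
            )
        if not public and s.get("MapPublicIpOnLaunch"):
            warnings.append("MapPublicIpOnLaunch is set but there is no IGW route; those public IPs are unreachable")
        result[s["SubnetId"]] = {
            "type": "public" if public else "private",
            "route_table": rt["RouteTableId"],
            "explicit_association": explicit,
            "warnings": warnings,
        }
    return result


def main_table_exposes_internet(route_tables):
    """Hardening check: the main route table should carry no IGW route, so a
    forgotten association fails closed (private) rather than open (public)."""
    return any(
        any(a.get("Main") for a in rt.get("Associations", [])) and has_igw_route(rt)
        for rt in route_tables
    )


if __name__ == "__main__":
    for subnet_id, info in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {info['type']} via {info['route_table']}")
        for w in info["warnings"]:
            print(f"  WARNING: {w}")
    if main_table_exposes_internet(ROUTE_TABLES):
        print("WARNING: main route table has an IGW route; unassociated subnets default to public")
```

Run against real data by replacing the two constants with the `RouteTables` and `Subnets` arrays from the corresponding `aws ec2 describe-*` calls for one VPC. In the sample, `subnet-app0001` is reported as public with a warning even though no one ever attached an internet-facing route table to it: it inherited the main table, which is exactly the failure the route-table section warns about.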