In this recipe, we did TCP passthrough for an HTTPS request and did TLS termination at the EC2 instance. TLS termination at the EC2 instance will consume more EC2 resources and will provide an extra load for the EC2 instance. We will also need to manage the certificate across all the EC2 instances. However, if we have a requirement for end-to-end encryption due to compliance or government policies, this is the preferred way. Otherwise, the preferred approach is to do SSL/TLS termination at the ELB level, as we saw in the Using an application load balancer with TLS termination at the ELB recipe of this chapter. For terminating SSL/TLS at the NLB, we need to set the protocol to TLS (Secure TCP) and select an ACM certificate.
- Title Page
- Copyright and Credits
- Dedication
- About Packt
- Contributors
- Preface
- Managing AWS Accounts with IAM and Organizations
- Securing Data on S3 with Policies and Techniques
- Technical requirements
- Creating S3 access control lists
- Creating an S3 bucket policy
- S3 cross-account access from the CLI
- S3 pre-signed URLs with an expiry time using the CLI and Python
- Encrypting data on S3
- Protecting data with versioning
- Implementing S3 cross-region replication within the same account
- Implementing S3 cross-region replication across accounts
- User Pools and Identity Pools with Cognito
- Key Management with KMS and CloudHSM
- Technical requirements
- Creating keys in KMS
- Using keys with external key material
- Rotating keys in KMS
- Granting permissions programmatically with grants
- Using key policies with conditional keys
- Sharing customer-managed keys across accounts
- Creating a CloudHSM cluster
- Initializing and activating a CloudHSM cluster
- Network Security with VPC
- Working with EC2 Instances
- Technical requirements
- Creating and configuring security groups
- Launching an EC2 instance into a VPC
- Setting up and configuring NAT instances
- Creating and attaching an IAM role to an EC2 instance
- Using our own private and public keys with EC2
- Using EC2 user data to launch an instance with a web server
- Storing sensitive data with the Systems Manager Parameter Store
- Using KMS to encrypt data in EBS
- Web Security Using ELBs, CloudFront, and WAF
- Technical requirements
- Enabling HTTPS on an EC2 instance 
- Creating an SSL/TLS certificate with ACM
- Creating a classic load balancer
- Creating ELB target groups
- Using an application load balancer with TLS termination at the ELB
- Using a network load balancer with TLS termination at EC2
- Securing S3 using CloudFront and TLS
- Configuring and using the AWS web application firewall (WAF)
- Monitoring with CloudWatch, CloudTrail, and Config
- Technical requirements
- Creating an SNS topic to send emails
- Working with CloudWatch alarms and metrics
- Creating a dashboard in CloudWatch
- Creating a CloudWatch log group
- Working with CloudWatch events
- Reading and filtering logs in CloudTrail
- Creating a trail in CloudTrail
- Using Athena to query CloudTrail logs in S3
- Cross-account CloudTrail logging
- Integrating CloudWatch and CloudTrail
- Setting up and using AWS Config
- Compliance with GuardDuty, Macie, and Inspector
- Additional Services and Practices for AWS Security
- Technical requirements
- Setting up and using AWS Security Hub
- Setting up and using AWS SSO
- Setting up and using AWS Resource Access Manager
- Protecting S3 Glacier vaults with Vault Lock
- Using AWS Secrets Manager to manage RDS credentials
- Creating an AMI instead of using EC2 user data
- Using security products from AWS Marketplace
- Using AWS Trusted Advisor for recommendations
- Using AWS Artifact for compliance reports
- Other Books You May Enjoy
There's more...
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.