Launching AWS EC2 instances in public subnet
Question
What is the security concern in launching AWS EC2 instances in public subnet. I assume when an EC2 instance is launched in public subnet , it will have access to outside world provided security groups allow it. Is all traffic from internet allowed to public subnet? I assume even this could be restricted via NACLs.
1 answers
solution1
2 ACCPTED 2019-04-27 22:47:07
- About launching the ec2 instance in public subnet, it is recommended that EC2 instances which need direct Internet access need to be placed in the public subnet, else instances that need direct access to internal networks must be placed in a private subnet with routes to a virtual private gateway.
- About NACL, you can control incoming and outgoing traffic at subnet level through NACL.
- By default, NACL allows all inbound and outbound traffic.
- Can customize NACL with required rules in order to provide the extra security at the subnet level.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
AWS: Why is a public IP required for load-balancing to my private subnet EC2 instances?
How can ec2 instances in private and public subnet communicate?
How to load balance AWS private subnet EC2 instances
AWS best method to ssh between EC2 instances in private subnet
Unable to reach public EC2 instance from EC2 instances in a private subnet while setting up squid as a transparent proxy (in public subnet)
AWS - Connecting an ec2 instance with a private ip and an ec2 instance with a public ip in the same public subnet?
Can we move ec2 instances from private subnet to public subnet directly?
AWS Beanstalk keep launching EC2 instances in same AZ
specifying VirtualizationType when launching aws ec2 instances with boto3
AWS Java SDK - launching an EC2 Spot instance with a public IP
Related Tags