Basic Audit of AWS Environment – VPC

Review Amazon VPC Security Configuration

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

[Screenshot: Check the VPC ID]
[Screenshot: Review VPC Summary]
[Screenshot: Review Default VPC]

Security groups for EC2-VPC have separate limits. Your VPC can be enabled for IPv6. You can add rules to your VPC security groups to enable inbound and outbound IPv6 traffic.

[Screenshot: Network ACL]

For VPC security groups, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

[Screenshot: Network ACL Inbound Rules]
[Screenshot: Network ACL Outbound Rules]

For each rule, you specify the following:

  • Protocol: The protocol to allow. The most common protocols are 6 (TCP), 17 (UDP), and 1 (ICMP).
  • Port range: For TCP, UDP, or a custom protocol, the range of ports to allow. You can specify a single port number (for example, 22) or a range of port numbers (for example, 7000-8000).
  • ICMP type and code: For ICMP, the ICMP type and code.
  • Source or destination: The source (inbound rules) or destination (outbound rules) for the traffic. Specify one of these options:
    • An individual IPv4 address. You must use the /32 prefix length; for example, 203.0.113.1/32.
    • (VPC only) An individual IPv6 address. You must use the /128 prefix length; for example 2001:db8:1234:1a00::123/128.
    • A range of IPv4 addresses, in CIDR block notation, for example, 203.0.113.0/24.
    • (VPC only) A range of IPv6 addresses, in CIDR block notation, for example, 2001:db8:1234:1a00::/64.
    • (VPC only) The prefix list ID for the AWS service; for example, pl-1a2b3c4d.
    • Another security group. This allows instances associated with the specified security group to access instances associated with this security group. This does not add rules from the source security group to this security group. You can specify one of the following security groups:
      • The current security group.
      • EC2-Classic: A different security group for EC2-Classic in the same region.
      • EC2-Classic: A security group for another AWS account in the same region (add the AWS account ID as a prefix; for example, 111122223333/sg-edcd9784).
      • EC2-VPC: A different security group for the same VPC or a peer VPC in a VPC peering connection.
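As an added example (not code from the original post), the following Python check applies the rule fields listed above to a constructed sample in the shape of `aws ec2 describe-security-groups` output, flagging inbound rules whose source is the whole address space on all protocols or on a management port. The group IDs, the `MGMT_PORTS` set and the `perm` helper are assumptions for the sample.

```python
import ipaddress

# Ports an auditor would not expect to see open to the world (assumption: tune per environment)
MGMT_PORTS = {22, 3389}


def perm(proto, from_port=None, to_port=None, v4=(), v6=(), groups=()):
    """Build one IpPermissions entry in the shape `aws ec2 describe-security-groups` returns."""
    entry = {"IpProtocol": proto,
             "IpRanges": [{"CidrIp": c} for c in v4],
             "Ipv6Ranges": [{"CidrIpv6": c} for c in v6],
             "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if from_port is not None:          # absent for protocol "-1" (all traffic)
        entry["FromPort"], entry["ToPort"] = from_port, to_port
    return entry


# Constructed sample: two security groups in one VPC, not real data
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        perm("tcp", 443, 443, v4=["0.0.0.0/0"]),        # public HTTPS, expected
        perm("tcp", 22, 22, v4=["0.0.0.0/0"]),          # SSH from anywhere: finding
        perm("-1", v6=["::/0"])]},                       # all traffic from any IPv6 host: finding
    {"GroupId": "sg-0bbb", "GroupName": "app", "IpPermissions": [
        perm("tcp", 8080, 8080, groups=["sg-0aaa"]),    # reachable only from the web group
        perm("tcp", 22, 22, v4=["203.0.113.1/32"])]},   # single admin host, /32 as the rule requires
]}


def world_open(entry):
    """True if any IPv4/IPv6 source in the rule is the whole address space (/0)."""
    cidrs = [r["CidrIp"] for r in entry["IpRanges"]] + [r["CidrIpv6"] for r in entry["Ipv6Ranges"]]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)


def audit_inbound(groups):
    """Return (GroupId, description) for each inbound rule that exposes all traffic or a
    management port to the world. Security groups are stateful, so replies to traffic
    these rules admit leave the instance regardless of the outbound rules."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for entry in sg["IpPermissions"]:
            if not world_open(entry):
                continue
            proto = entry["IpProtocol"]
            if proto == "-1":
                findings.append((sg["GroupId"], "all protocols and ports open to the world"))
            elif proto in ("tcp", "udp"):          # for icmp, From/ToPort hold type/code, not ports
                lo, hi = entry["FromPort"], entry["ToPort"]
                if any(lo <= p <= hi for p in MGMT_PORTS):
                    findings.append((sg["GroupId"], f"{proto} {lo}-{hi} open to the world"))
    return findings


if __name__ == "__main__":
    for group_id, text in audit_inbound(SAMPLE):
        print(group_id, text)
```

To run it against a real account, load the JSON from `aws ec2 describe-security-groups` in place of `SAMPLE`; the same keys are present in that output.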
[Screenshot: Review associated Subnets within Primary VPC]
[Screenshot: ACL and Route Tables for Default Subnet]

Thank You! 🙂
