Network Security: Enabling HTTPS port in Public Subnets
Allow only the HTTPS port in public subnets
Once the hosts are running inside private subnets and with the private security group, we can remove ports 8443 and 22 from the public security group. If we had done this in the previous step, it would have prevented users from reaching our application until the new hosts were created.
Line #7: Only port 443 is allowed in the public subnet.
Now let’s deploy and test.
Our instances are now isolated from the internet, and the only way to reach them is through the load balancer.
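One way to confirm this before deploying, as an added example rather than the course's own code: the script below scans a CloudFormation template in JSON form and reports every ingress rule that is open to the internet on a port other than 443. The template, its resource names, and the function name are constructed for illustration.

```python
import json

# Constructed sample template (JSON form of a CloudFormation template).
# Resource names are hypothetical and not taken from the course repository.
TEMPLATE = json.loads("""{"Resources": {
  "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
  "PrivateSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
     "SourceSecurityGroupId": {"Ref": "SecurityGroup"}}]}},
  "StrayRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties":
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443, "CidrIp": "0.0.0.0/0"}}
}}""")

ALLOWED_PUBLIC_PORTS = {443}
WORLD = {"0.0.0.0/0", "::/0"}

def world_open_violations(template, allowed=ALLOWED_PUBLIC_PORTS):
    """Return (resource, rule) pairs for internet-facing rules exposing ports outside `allowed`."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]  # stand-alone rule attached to a group
        else:
            continue
        for rule in rules:
            if rule.get("CidrIp") not in WORLD and rule.get("CidrIpv6") not in WORLD:
                continue  # scoped to a CIDR or a source security group
            proto = str(rule.get("IpProtocol"))
            if proto == "-1":  # all protocols, all ports
                lo, hi = 0, 65535
            else:
                lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
            if any(p not in allowed for p in range(lo, hi + 1)):
                findings.append((name, f"{proto} {lo}-{hi}"))
    return findings

if __name__ == "__main__":
    for resource, rule in world_open_violations(TEMPLATE):
        print(f"{resource}: open to the internet on {rule}")
```

An empty result means port 443 is the only port reachable from the internet in the template that was checked.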
Note: All the code has already been added, and we are pushing it to our repository as well.
To get a pictorial view of the CloudFormation stack we have developed so far, below is the design view, which shows the resources we created and their relationships.
In the next lesson, we will wrap up our discussion on this course.