Network Security: Enabling HTTPS port in Public Subnets

Objective

Make our instances inaccessible from the internet.

Steps

  • Only allow the HTTPS port in the public subnets.

Allow only the HTTPS port in public subnets

Once the hosts are running inside the private subnets with the private security group attached, we can remove ports 8443 and 22 from the public security group. If we had done this in the previous step, it would have cut users off from our application until the new hosts were created.

stage.yml

Line #7: Only port 443 is allowed in the public subnet.
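The following CloudFormation fragment is an added example, not the course's own stage.yml. It shows the public security group with only port 443 open to the internet, with the rule set it replaces left as comments, and a private security group that accepts the application port only from the public security group. The resource names (PublicSecurityGroup, PrivateSecurityGroup) and the VpcId parameter are assumptions.

```yaml
# Added example (not the course's stage.yml): a public security group that
# admits only HTTPS from the internet, beside the rule set it replaces.
# Assumed names: VpcId parameter, PublicSecurityGroup, PrivateSecurityGroup.
AWSTemplateFormatVersion: "2010-09-09"
Description: Public SG allows only 443; app hosts are reachable only via the load balancer

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id   # assumption: the VPC created in an earlier lesson

Resources:
  # BEFORE (weak): 443, 8443 and 22 were all open to 0.0.0.0/0.
  # PublicSecurityGroup:
  #   Type: AWS::EC2::SecurityGroup
  #   Properties:
  #     SecurityGroupIngress:
  #       - { IpProtocol: tcp, FromPort: 443,  ToPort: 443,  CidrIp: 0.0.0.0/0 }
  #       - { IpProtocol: tcp, FromPort: 8443, ToPort: 8443, CidrIp: 0.0.0.0/0 }
  #       - { IpProtocol: tcp, FromPort: 22,   ToPort: 22,   CidrIp: 0.0.0.0/0 }

  # AFTER (hardened): only HTTPS reaches the public subnets, where the
  # load balancer lives. There is no port 22 rule at all.
  PublicSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing; HTTPS only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  # Hosts in the private subnets accept the application port only from the
  # public security group (a group reference, not a CIDR), so the load
  # balancer is the sole path in from the internet.
  PrivateSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Private hosts; application port from the public SG only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8443
          ToPort: 8443
          SourceSecurityGroupId: !Ref PublicSecurityGroup
```

Before updating the stack, `aws cloudformation validate-template --template-body file://stage.yml` catches syntax errors; after the update, `aws ec2 describe-security-groups --group-ids <public-sg-id> --query 'SecurityGroups[].IpPermissions'` should list a single rule for port 443. The ordering the lesson insists on matters here: updating the public group to this rule set while the hosts still sit in the public subnets would drop traffic to port 8443 before the private hosts exist to take it.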

Now let’s deploy and test.


Our instances are now isolated from the internet, and the only way to reach them is through the load balancer.


Note: All the code has already been added, and we are pushing it to our repository as well.


To get a pictorial view of the CloudFormation stack developed so far, the design view below shows the resources we created and their relationships.

Network Security - Enabling HTTPS port

In the next lesson, we will wrap up our discussion on this course.
