MultiCloud Classroom notes 04/Dec/2024

AWS Networking

  • We have two layers of security: one around the subnet and one around the network interface (ENI)
    • Network ACL around subnets:
      • Supports allow and deny rules
      • Rules are kept in a numbered list; each rule's action is either allow or deny
      • The lower the rule number, the higher the priority: rules are evaluated in ascending order and the first match decides
      • AWS creates a default network ACL with every VPC; it is associated with all subnets of the VPC and has these rules:
        • allow everything in
        • allow everything out
      • Network ACL identifies the
        • incoming packet by
          • source ip range (CIDR)
          • protocol:
            • TCP
            • UDP
            • ICMP
          • port
        • outgoing packet by
          • destination ip range (CIDR)
          • protocol:
            • TCP
            • UDP
            • ICMP
          • port
      • Never number rules consecutively; leave gaps between rule numbers so rules can be inserted later
    • Security groups around network interfaces (ENIs):
      • Supports only allow rules
      • Identifies incoming packet by
        • source ip range (CIDR)
        • protocol:
          • TCP
          • UDP
          • ICMP
        • port
      • Identifies outgoing packet by (setting outbound rules in a security group is not recommended)
        • destination ip range (CIDR)
        • protocol:
          • TCP
          • UDP
          • ICMP
        • port

Create a network ACL and a security group, then perform checks

  • Create a NACL which allows all internal communication but only ports 80 and 22 from outside, and attach it to all subnets
  • Create a security group which allows all communication
  • Create an EC2 instance in the web subnet of the VPC with the above security group:
    • install nginx (tcp/80)
  • Create an EC2 instance in the app subnet of the VPC with the above security group:
    • set up Spring PetClinic (tcp/8080)
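An added example, not part of the classroom notes, that models how the NACL from this exercise evaluates traffic: rules are walked lowest number first, the first match wins, and because a NACL is stateless the reply to an allowed request has to match its own outbound rule. The VPC range, the instance address and the external client addresses are assumed or constructed values.

```python
import ipaddress

# Constructed rule set for the exercise: allow everything from inside the VPC,
# allow only tcp/80 and tcp/22 from outside, and let AWS's fixed catch-all
# rule (32767) deny the rest. Numbers are spaced by 100 so rules can be
# inserted later; the lowest matching number wins. VPC_CIDR is an assumption.
VPC_CIDR = "10.0.0.0/16"

# (rule number, action, protocol ("-1" = all), port range, CIDR)
INBOUND = [
    (100, "allow", "-1", "0-65535", VPC_CIDR),          # anything from inside the VPC
    (200, "allow", "tcp", "80", "0.0.0.0/0"),           # nginx from anywhere
    (300, "allow", "tcp", "22", "0.0.0.0/0"),           # ssh from anywhere
    (32767, "deny", "-1", "0-65535", "0.0.0.0/0"),      # AWS catch-all, cannot be removed
]
OUTBOUND = [
    (100, "allow", "-1", "0-65535", VPC_CIDR),          # traffic and replies to the VPC
    (200, "allow", "tcp", "1024-65535", "0.0.0.0/0"),   # replies to external clients
    (32767, "deny", "-1", "0-65535", "0.0.0.0/0"),
]

def evaluate(rules, proto, port, addr):
    """Walk the rules in ascending number order; the first match decides.
    `addr` is the source for inbound rules and the destination for outbound."""
    ip = ipaddress.ip_address(addr)
    for number, action, r_proto, r_ports, cidr in sorted(rules):
        lo, hi = (int(p) for p in r_ports.split("-")) if "-" in r_ports else (int(r_ports),) * 2
        if r_proto in ("-1", proto) and lo <= port <= hi and ip in ipaddress.ip_network(cidr):
            return number, action
    return None, "deny"  # not reached while the 32767 catch-all is present

def round_trip(inbound, outbound, proto, dst_port, client_ip, client_port):
    """A NACL is stateless: the request and its reply are checked separately,
    so the reply needs its own outbound rule. Returns (request, reply) actions."""
    _, request = evaluate(inbound, proto, dst_port, client_ip)
    _, reply = evaluate(outbound, proto, client_port, client_ip)
    return request, reply

if __name__ == "__main__":
    # External client (constructed address) fetching the nginx page
    print(round_trip(INBOUND, OUTBOUND, "tcp", 80, "203.0.113.7", 51234))
    # The same client trying to reach PetClinic on 8080 directly
    print(round_trip(INBOUND, OUTBOUND, "tcp", 8080, "203.0.113.7", 51234))
    # Web-tier instance inside the VPC (assumed address) calling PetClinic
    print(round_trip(INBOUND, OUTBOUND, "tcp", 8080, "10.0.2.15", 40000))
    # Drop the ephemeral-port rule: the request is allowed but the reply is dropped
    no_ephemeral = [r for r in OUTBOUND if r[0] != 200]
    print(round_trip(INBOUND, no_ephemeral, "tcp", 80, "203.0.113.7", 51234))
```

The last case is the one that bites in practice: with a security group the reply would be allowed automatically because security groups are stateful, but a NACL needs the explicit outbound rule for ports 1024-65535.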

Azure Networking

  • Azure has a single construct, the network security group (NSG), which supports both allow and deny rules and can be applied at two layers:
    • network interface (vm)
    • subnet

By continuous learner

devops & cloud enthusiastic learner
