In this lab, you use public and private subnets, security groups, and ACLs to create a three-security zone network infrastructure. You then use VPC flow logs to monitor the traffic that reaches the resources in each zone to verify only the required traffic is allowed.
Level
Intermediate
Duration
1 Hours 0 MinutesCourse Objectives
In this course, you will learn how to:
- Create a three-security zone network infrastructure
- Implement network segmentation using security groups, network ACLs, and public and private subnets
- Monitor network traffic to EC2 instances using VPC flow logs
Intended Audience
This course is intended for:
- Architects
- Security Engineers
Prerequisites
We recommend that attendees of this course have the following prerequisites:
- Familiar with navigation of the AWS Management Console
- Have an understanding of basic networking concepts
Course Outline
- Task 1: Restrict network traffic using security groups
- Task 2: Restrict traffic to the public subnet
- Task 3: Inspect network traffic with VPC flow logs