Amazon Cloud Security Acts Like Physical Networks

Amazon Web Services, which launched its first product (Simple Storage Service) five years ago this month, has revealed a redesign to its Virtual Private Cloud (VPC) service access. Users now can set up their own virtual networks within the Amazon cloud that they can control just as they control their own physical data centre networks.

Amazon VPC now lets users specify which of their Amazon VPC resources they want to make directly accessible from their Internet connection and which they would like to maintain from behind their firewalls. Previously, Amazon Elastic Cloud (EC2) users would provision a private section of the AWS cloud and launch AWS resources into it that were only accessible via a virtual private network (VPN) connection to a physical enterprise data centre.

No More VPN Problems

As a result, Amazon VPC was not directly accessible. Because VPNs in general are notorious for connectivity problems, interruptions in services were all too common. Starting on March 15, enterprises no longer required a VPN or existing infrastructure resources in order to use VPC, the company said.

Enterprises now can define a virtual network topology in Amazon VPC that resembles a traditional network that they might operate in their own data centre, the company said. Users will have complete control over the virtual networking environment, including selection of IP address range, creation of subnets, and configuration of route tables and network gateways.

Users can customise the network configuration for Amazon VPC, for example, by creating a public-facing subnet for Web servers that have access to the Internet and placing back-end systems (such as databases or application servers) in a private-facing subnet with no Internet access.

If they choose, enterprises still can connect Amazon VPC to their own existing IT infrastructure with an encrypted VPN connection.

Specifically, Amazon VPC now enables enterprises to:

  • Create an Amazon Virtual Private Cloud on AWS’ scalable infrastructure and specify its private IP address range from any range they choose.
  • Divide Amazon VPC’s private IP address range into one or more public or private subnets to facilitate running applications and services in Amazon VPC.
  • Control inbound and outbound access to and from individual subnets using network access control lists.
  • Store data in Amazon S3 and set permissions so the data can only be accessed from within Amazon VPC.
  • Attach an Amazon Elastic IP Address to any Amazon VPC instance so it can be reached directly from the Internet.
  • Bridge Amazon VPC and an enterprise’s own IT infrastructure with an encrypted VPN connection, extending enterprises’ existing security and management policies to Amazon VPC instances as if they were running within an existing data centre.
Chris Preimesberger

Editor of eWEEK and repository of knowledge on storage, amongst other things

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

12 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

13 hours ago