Amazon Cloud Security Acts Like Physical Networks

Amazon Web Services, which launched its first product (Simple Storage Service) five years ago this month, has revealed a redesign to its Virtual Private Cloud (VPC) service access. Users now can set up their own virtual networks within the Amazon cloud that they can control just as they control their own physical data centre networks.

Amazon VPC now lets users specify which of their Amazon VPC resources they want to make directly accessible from their Internet connection and which they would like to maintain from behind their firewalls. Previously, Amazon Elastic Cloud (EC2) users would provision a private section of the AWS cloud and launch AWS resources into it that were only accessible via a virtual private network (VPN) connection to a physical enterprise data centre.

No More VPN Problems

As a result, Amazon VPC was not directly accessible. Because VPNs in general are notorious for connectivity problems, interruptions in services were all too common. Starting on March 15, enterprises no longer required a VPN or existing infrastructure resources in order to use VPC, the company said.

Enterprises now can define a virtual network topology in Amazon VPC that resembles a traditional network that they might operate in their own data centre, the company said. Users will have complete control over the virtual networking environment, including selection of IP address range, creation of subnets, and configuration of route tables and network gateways.

Users can customise the network configuration for Amazon VPC, for example, by creating a public-facing subnet for Web servers that have access to the Internet and placing back-end systems (such as databases or application servers) in a private-facing subnet with no Internet access.

If they choose, enterprises still can connect Amazon VPC to their own existing IT infrastructure with an encrypted VPN connection.

Specifically, Amazon VPC now enables enterprises to:

• Create an Amazon Virtual Private Cloud on AWS’ scalable infrastructure and specify its private IP address range from any range they choose.
• Divide Amazon VPC’s private IP address range into one or more public or private subnets to facilitate running applications and services in Amazon VPC.
• Control inbound and outbound access to and from individual subnets using network access control lists.
• Store data in Amazon S3 and set permissions so the data can only be accessed from within Amazon VPC.
• Attach an Amazon Elastic IP Address to any Amazon VPC instance so it can be reached directly from the Internet.
• Bridge Amazon VPC and an enterprise’s own IT infrastructure with an encrypted VPN connection, extending enterprises’ existing security and management policies to Amazon VPC instances as if they were running within an existing data centre.