Lab
Cloud Vendor Amazon AWS
Proficiency Level Cloud Enthusiast
Tags Certificates, EC2, Load Balancer, Web Server

Summary

In this lab, you will configure Security Groups (SG) in Amazon AWS to protect the Target Group EC2 instances from direct HTTP access. You will also restrict SSH access to the Target Group EC2 instances to your IP address, thus preventing anybody else from accessing the EC2 instances via SSH.

Each exercise below builds upon the previous one. You should start each new exercise from the last step of the previous exercise unless it is explicitly written otherwise.

Learning Objectives

After completion of this lab, you will be able to:

  • Create a Security Group (SG) in Amazon AWS
  • Configure the SG to accept HTTP traffic from the Application Load Balancer only
  • Configure the SG to accept SSH traffic from your IP address only
  • Test the SG configuration

Prerequisites

To complete this lab, you will need the following:

Exercise #1: Add an HTTPS Listener in AWS Application Load Balancer

In this exercise, you will add an HTTPS Listener in the Application Load Balancer in Amazon AWS.

Steps

  1. Sign in to the AWS Management Console at https://aws.amazon.com/console/ using your AWS credentials
  2. In the Find Services search box, type EC2, and press Enter
  3. Click on the Load Balancers link in the left-hand navigation
  4. Find the networkinglab01-ec2-lb load balancer and click on it
  5. Click on the tab for the load balancer
  6. Click on the button to add a new listener
  7. In Add listener, fill in the following information:
    Protocol:port: HTTPS:443
  8. Click on the button under Default action(s) and select Forward to...
  9. Select computelab01-web-instances from the Forward to list
  10. Click on the button to confirm your selection
  11. Select Import for the Default SSL certificate field
  12. Select the IAM radio button for the Import to field
  13. Type the following name in the Certificate name input field
    [your_name]-self-signed-certificate
  14. Find the [your_name]-self-signed.decrypted.key key file that you created as part of the Prerequisites, and open it with a text editor
  15. Copy the content of the file and paste it in the Certificate private key (PEM encoded) input field
  16. Find the [your_name]-self-signed.key.crt certificate file that you created as part of the Prerequisites, and open it with a text editor
  17. Copy the content of the file and paste it in the Certificate body (PEM encoded) input field
    Note: Make sure that you do not modify the content of the file
  18. Click on the button to save the new listener
  19. Click on the button in the upper left corner to go back to the list of load balancers
  20. Milestone step: At this point, you have learned how to create a new HTTPS listener in the Application Load Balancer in Amazon AWS

Exercise #2: Configure the Security Group to Allow HTTPS Traffic and Disable HTTP Traffic

In this exercise, you will configure the Security Group used by the Application Load Balancer to allow secure HTTPS traffic and disable non-secure HTTP traffic.

Steps

  1. Click on the Security Groups link in the left-hand navigation
  2. Find the computelab01-ec2-sg security group and click on it
  3. Click on the Inbound tab, and then on the button
  4. In the pop-up window, click on the button and select HTTPS in the Type dropdown for the new rule
  5. Click on the button next to each HTTP rule to remove them
  6. Click on the button
  7. Milestone step: At this point, you have learned how to configure the security group used by the Application Load Balancer to allow HTTPS traffic and disable HTTP traffic
    Note: At this point, you will not be able to see the home pages of the web servers installed on your EC2 instances because they use the same security group but do not respond to HTTPS traffic. You will need to follow the Restricting Access to Target Group EC2 Instances in AWS using Security Groups lab if you want to see the response from your Target Group EC2 instances
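
The result of Exercise #2 can also be checked outside the console. The script below is an added example, not part of the original lab: it audits a security group's inbound rules in the JSON shape returned by `aws ec2 describe-security-groups`, reporting any rule that still admits port 80 (including "all traffic" and port-range rules) and a missing HTTPS rule. The group ID, addresses and rules in the sample are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups` (group ID and rules are made up).
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0123456789abcdef0",
  "GroupName": "computelab01-ec2-sg",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}
  ]}]}
""")

def sources(rule):
    """Every source a rule admits: IPv4/IPv6 CIDRs and referenced groups."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])])

def covers(rule, port):
    """True if the rule admits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # "all traffic" rule: every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit(group):
    """Return findings for one security group after Exercise #2."""
    rules = group.get("IpPermissions", [])
    findings = []
    for rule in rules:
        if covers(rule, 80):
            findings.append(f"HTTP (80) still open to {sources(rule)} "
                            f"via {rule['IpProtocol']} rule")
    if not any(covers(r, 443) and sources(r) for r in rules):
        findings.append("no inbound rule allows HTTPS (443)")
    return findings

if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print(sg["GroupName"], audit(sg) or "OK")
```

To audit a real group, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups` for that group.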

 

Last Update: October 23, 2019  

October 23, 2019   132   Toddy Mladenov    Security And Compliance    