Security is the top priority when we build a new web-based product, an architecture, or really anything in the IT world. In this article, let’s take a sneak peek at how we can secure applications in the cloud.

Note – The cloud that is discussed in this article is AWS.

Let’s say you started building an architecture in the AWS cloud which runs your web application. And you are happy with the downtime, performance and costs. Are we done now?

As the header is about security, you know by now that my answer is a No. Ahh, such an easy guess!!! 😛

Now let us start securing the instance that holds our web application and the respective databases –

  • Firstly, always consider building your own Virtual Private Cloud (VPC), with your custom security groups, routing table and subnets. The security groups here act as a firewall for all the services inside this VPC.
  • Secondly, consider having two subnets. One should be private, with access to the internet only through a NAT gateway, and the other should be public, with direct access to the internet.
  • Plan your load balancers and NAT gateways in the public subnet, as these services don’t have your application running on them. The load balancers have their own security groups, which act as a firewall for the requests passing through the load balancers.
  • Now, all the services which have your application and its data must be in the private subnet.
  • You can also set a security group on the instances and on your databases. This is a firewall for the respective instance and database.
  • To enhance the security a bit more, one could consider using a WAF outside the VPC, after Route 53.
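The layout above can be checked mechanically. The following is an added example, not code from the original post: it audits route tables and security groups for a private tier that is reachable from the internet. The sample data is constructed in the shape of the EC2 DescribeRouteTables and DescribeSecurityGroups responses, and the IDs and function names are assumptions made for illustration.

```python
# Constructed sample in the shape of EC2 DescribeRouteTables / DescribeSecurityGroups output; IDs are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-lb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [  # misconfigured on purpose
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]

def internet_facing_subnets(route_tables):
    """Subnets whose route table sends traffic straight to an internet gateway."""
    public = set()
    for rt in route_tables:
        if any((r.get("GatewayId") or "").startswith("igw-") for r in rt["Routes"]):
            public.update(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
    return public

def open_ingress(group):
    """(FromPort, ToPort) pairs the group accepts from any IPv4 or IPv6 address."""
    ports = []
    for perm in group["IpPermissions"]:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            ports.append((perm.get("FromPort"), perm.get("ToPort")))
    return ports

def audit(route_tables, groups, private_subnets, edge_groups):
    """Findings where the private tier is exposed; edge_groups (load balancers) may face the internet."""
    findings = []
    for s in sorted(internet_facing_subnets(route_tables) & set(private_subnets)):
        findings.append(f"{s}: private subnet routes directly to an internet gateway")
    for g in groups:
        if g["GroupId"] not in edge_groups:
            for lo, hi in open_ingress(g):
                findings.append(f"{g['GroupId']}: ports {lo}-{hi} open to the whole internet")
    return findings

print("\n".join(audit(ROUTE_TABLES, SECURITY_GROUPS, {"subnet-private"}, {"sg-lb"})))
```

On the sample data only the database group is flagged: the load balancer group is allowed to face the internet, and the application group accepts traffic only from the load balancer's group.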

These are a few steps one could follow to secure their applications in the cloud. There can always be a much better way, based on the architecture your application is running on.


Published by Ritesh Kumar Reddy

I (Ritesh) work as a Sr. Cloud Engineer for a living. Learning new technologies has always been my hobby. Why not share it? Here is the brainchild – blogging to share the knowledge. This blog is for those who wish to start in or are already in the Cloud field. Each article briefly talks about a tool/technology that is used in the Cloud model. Once you read the article, I hope you get a kick start regarding the specific tool/technology.

