Security is the paramount priority when we build a new web-based product or an architecture, or literally anything in the IT world. In this article, let’s take a sneak peek at how we can secure applications in the cloud.
Note – The cloud that is discussed in this article is AWS.
Let’s say you started building an architecture in the AWS cloud which runs your web application. And you are happy with the downtime, performance and costs. Are we done now?
As the header is about security, you know by now that my answer is a no. Ahh, such an easy guess!!! 😛
Now let us start securing the instance that holds our web application and the respective databases –
- Firstly, always consider building your own Virtual Private Cloud (VPC), with your custom security groups, routing table and subnets. The security groups here act as a firewall for all the services inside this VPC.
- Secondly, consider having two subnets. One should be private, with access to the internet only through a NAT gateway, and the other should be public, with direct access to the internet.
- Plan your load balancers and NAT gateways in the public subnet, as these services don’t have your application running on them. The load balancers also have security groups, which act as a firewall for the requests passing through them.
- Now, all the services which have your application and its data must be in the private subnet.
- Even on the instances and on your databases you can set a security group, which acts as a firewall for the respective instance or database.
- To enhance security a bit more, consider using a WAF outside the VPC, after Route 53.
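One way to check the layering described in the list above, as an added example that is not part of the original article: a Python audit over data shaped like `aws ec2 describe-security-groups` output, flagging private-subnet security groups that accept traffic from the whole internet or from a group other than the tier in front of them. The group IDs, the `POLICY` mapping and the sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are made up; real IDs look like sg-0123456789abcdef0.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-alb", "IpPermissions": [
    {"FromPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-app", "IpPermissions": [
    {"FromPort": 8080, "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
    {"FromPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-db", "IpPermissions": [
    {"FromPort": 5432, "UserIdGroupPairs": [{"GroupId": "sg-app"}, {"GroupId": "sg-alb"}]}]}
]}
""")

# Assumed policy: which group may be internet-facing, and which groups each
# private-tier group may accept traffic from.
POLICY = {
    "sg-alb": {"public": True, "sources": set()},
    "sg-app": {"public": False, "sources": {"sg-alb"}},
    "sg-db": {"public": False, "sources": {"sg-app"}},
}
WORLD = {"0.0.0.0/0", "::/0"}


def audit(described, policy):
    """Return (group, port, reason) for each ingress rule that breaks the layering."""
    findings = []
    for sg in described["SecurityGroups"]:
        rule = policy.get(sg["GroupId"])
        if rule is None:
            findings.append((sg["GroupId"], None, "group not in policy"))
            continue
        if rule["public"]:
            continue  # the load balancer tier is expected to face the internet
        for perm in sg.get("IpPermissions", []):
            port = perm.get("FromPort")  # absent when IpProtocol is -1 (all traffic)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if WORLD & set(cidrs):
                findings.append((sg["GroupId"], port, "open to the internet"))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in rule["sources"]:
                    findings.append((sg["GroupId"], port, "unexpected source " + pair["GroupId"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, POLICY):
        print(finding)
```

On the constructed sample this reports the SSH rule on the application group and the load balancer's direct path to the database group; the HTTPS rule on the load balancer group is accepted because that tier sits in the public subnet.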
These are a few steps one could follow to secure their applications in the cloud. There can always be a much better way, based on the architecture your application is running on.