Securing access to AppStream

0

Hi All,

I am currently working on an AppStream POC with the intention of streaming a web-based application. I have the fleet sat in a private subnet with the intention of only allowing connections from our SIG (Zscaler). I was just looking for some advice on the best way to only allow access to the fleet from a specific IP. I have tried applying security group rules which only allow connections from the relevant IPs, but I find I can still connect to the streaming instances from external networks.

Any advice / pointers would be appreciated!

2 Answers
1
Accepted Answer

AppStream 2.0 is a managed service with managed gateways. The fleet, while sitting in one or more private subnets, is streamed through public gateways. There is another ENI on fleet instances that is dedicated to streaming and service health, which you cannot attach security groups to. Now, there is the option to stream through a VPC endpoint, forcing streaming traffic through a VPC interface: https://docs.aws.amazon.com/appstream2/latest/developerguide/creating-streaming-from-interface-vpc-endpoints.html

AWS
EXPERT
answered a year ago
1

This may be what you are looking for: Creating and Streaming from Interface VPC Endpoints.

AWS
EXPERT
kentrad
answered a year ago
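
The interface VPC endpoint setup that both answers point to, as an added CloudFormation example that is not from the thread or from AWS's documentation. The parameter names, the stack name and the CIDR are placeholders; it assumes users reach the VPC over a private path (VPN or Direct Connect) and that the inbound ports match those listed in the linked developer guide.

```yaml
# Added example: parameter names, stack name and CIDR are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  EndpointSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  ClientCidr:
    Type: String
    Description: Private range users connect from (placeholder default)
    Default: 10.0.0.0/16
Resources:
  # Unlike the service-managed streaming ENI on the fleet instances,
  # the endpoint's ENIs accept a security group, so the source
  # restriction is applied here.
  StreamingEndpointSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Inbound streaming traffic to the AppStream VPC endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Assumed port list; confirm against the linked developer guide.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref ClientCidr
        - IpProtocol: tcp
          FromPort: 1400
          ToPort: 1499
          CidrIp: !Ref ClientCidr
  StreamingEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.appstream.streaming
      VpcId: !Ref VpcId
      SubnetIds: !Ref EndpointSubnetIds
      SecurityGroupIds:
        - !GetAtt StreamingEndpointSg.GroupId
      PrivateDnsEnabled: true
  PocStack:
    Type: AWS::AppStream::Stack
    Properties:
      Name: poc-stack  # hypothetical stack name
      # Streaming sessions for this stack are directed to the endpoint.
      AccessEndpoints:
        - EndpointType: STREAMING
          VpceId: !Ref StreamingEndpoint
```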
