By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/Network Security/Questions/

Questions tagged with Network Security

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

check best pratices ans security compliance for AWs accounts

Hi team, we want to do some audits on all our projects using AWS accounts, Are there any first items to start checking or any specific checklist to go over when doing the audit to make sure that best practices and security are implemented? Thank you!
Security Identity & ComplianceSecurityAWS Account ManagementSecurity GroupNetwork Security
2
answers
0
votes
38
views
Jess
asked 12 days ago

Is it a good idea to have single security group for multiple apps?

We are having multiple apps which are more or less using the same incoming traffic rules. For half of the apps we are in a condition where we frequently need to change the outgress IPs for a port. That requires us to rerun the Cloudformation stack everytime it changes. Is it a good idea to have a single Security group for all apps which we map on all app Cloudformation stacks to reduce efforts. I also have security considerations and best practices rule in my mind, I just wanted to have wise opinions.
SecuritySecurity GroupNetwork Security
2
answers
0
votes
41
views
rePost-User-7130205
asked 22 days ago

secure document transmission for face image extraction

We are trying to get customer's face image details using AWS rekognition's `detectface `API. We are passing the document in bytes as input, but this is highly restricted data as it contains Unique Customer Information. `List<FaceDetail> detectFaces(@NonNull final byte[] bytes) ` We know service supports over HTTPS and encrypted with TLS. Is this client to server channel safe from any external intrusion?? OR Does this AWS rekognition provide any encrypted input data transmission support for e.g. client side encryption at rest ?
Security Identity & ComplianceAmazon RekognitionSecurityEncryptionNetwork Security
1
answers
0
votes
18
views
rePost-User-0423085
asked a month ago

SecurityHub to EventBridge

I have integrated GuardDuty with SecurityHub I am looking to filter and process Only the GD findings that come via Securityhub in eventbridge when I go to create a rule to process the messages in eventbridge do I need to select the event source as GuardDuty or security hub?
Amazon EventBridgeMicroservicesNetwork Security
1
answers
1
votes
30
views
rePost-User-6703621
asked 2 months ago

Lambda in private subnet cannot reach DynamoDB

Hi! We are working on a POC related to hardening network security & resources. We used as model the reference of Building Basic Web Application, link: [https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb/](), where a Lambda invoke from API Gateway post data in to a DynamoDB table. Here are the changes made: * The lambda was set to be inside the VPC and within a private subnet. * A NAT Gateway was added for internet access and linked to the route table of the private subnet. * A VPC Gateway endpoint was also added so the communication between the lambda and DynamoDB can be done thru the endpoint instead over routes. This endpoint has also been added to the route table of the private subnet. If we take out the lambda out of the VPC and configure it as "NONE" in the VPC settings, it works fine, just as it suppose to work from the reference previously shared. We created another lambda, using the "Hello World" template, we added it to the same VPC and it works fine. The problem here is wih the Lambda that post data in to a DynamoDB table. Error message from Lambda: Task timed out. It seems that the issue is between the communication from Lambda to DynamoDB, since the other Lambda works fine inside the VPC. Any advice? Kinldy/please help! Thank you! ![Reference Architecture](https://repost.aws/media/postImages/original/IMig5QmJK6Re-eqxLh5LLYvQ)
Amazon VPCAWS LambdaAmazon API GatewayAmazon DynamoDBNetwork Security
1
answers
0
votes
88
views
rePost-User-7551437
asked 2 months ago

What is main difference between DDoS testing and Stress/load test?

In many case, ddos test is one kind of the stress/load test. In the article "Network Stress Test" ((https://aws.amazon.com/tw/ec2/testing/)) it's not allow to do simulate ddos test to try the limitation to the service while dstress/load test is OK. What is the difference between ddos test and stress/load test in AWS definition? Are there any clarify explains can provide to me ?
Accepted AnswerNetworking & Content DeliveryNetwork Security
1
answers
0
votes
41
views
rePost-User-2012324
asked 2 months ago

How does AWS reconfigure it's network infrastructure on-the-fly?

As a former CCNA holder and someone who has both worked for Internet Service Providers as well as visited some of the very data centres that AWS likely operates out of (though it's of course impossible to confirm), I'm curious as to how exactly AWS manages the impressive feat of reconfiguring it's network programatically. The term Software Defined Networks spring to mind. But why is there so little transparency about it? Security through obscurity? I thought that died out a long time ago. It seems like AWS doesn't talk about it. Is this AWS policy?
Accepted AnswerNetworking & Content DeliveryNetwork Security
1
answers
0
votes
33
views
rePost-User-3622937
asked 2 months ago

How to Connect Private RDS PostgreSql Instance using Pgadmin locally?

![Enter image description here](https://repost.aws/media/postImages/original/IMdXBKQnVzQzS4I4yl9xEFog) Hello experts, From above Architecture diagram you can able to get all the required information. Here is the doubts: * **My goal is to connect RDS Postgresql Engine from my pgadmin locally and to build a dashboard using tableau from that RDS Database.** * My Ec2 instance will do data extraction process and store it into DB, Now I need to access the database whenever my EC2 instance is turned off or directly connect to DB from my pgadmin locally, However it should present in private subnet. Any guidance and help will be really thankful to you. As I'm beginner please help to solve this problem. 🙏🙂🙏
PostgreSQLAmazon Relational Database ServiceDatabaseSecurity GroupNetwork Security
2
answers
0
votes
157
views
jai_barath18
asked 2 months ago

AWS S3 port 444 is open to the public internet

Hi, So I got a security assesment from my customer stating a port 444 is open on their S3 buckets. I checked and it is common for all buckets created. The https port 443 is open with bucketname.s3.region.amazonaws.com and the SSL certificate is correct. ![https 443 access is fine](https://repost.aws/media/postImages/original/IMtvcHr-CGTOir32EBcPe3qQ) Now lets see the access on 444 port ![https 444 is SSL error](https://repost.aws/media/postImages/original/IMmU4ewSkpTjy647q55H0gGQ) As you can see, its SSL cert is for *.s3.region.vpce.amazonaws.com So I tried to access the bucketname.s3.region.vpce.amazonaws.com domain and it isn't publicly resolved which is understood since it only needs to be resolved inside a VPC since it is for the VPC endpoint service. ![vpce domain is not resolved](https://repost.aws/media/postImages/original/IMRkVbkp-RRkev2vKmPx0t_g) So I checked the IP with hosts command and apparently my bucket domain name is an alias of s3-r-w.ap-south-1.amazonaws.com with the IP 52.219.156.130 I added it to my hosts file and the SSL for the 444 port with vpce domain works (expected) ![SSL issue is fixed after using vpce domain](https://repost.aws/media/postImages/original/IMt_lIGZ4ERymiPXmpxdHiLQ) Now my question is why does this port exist. While we access it via the VPC endpoint we still access 443 port. So is there a port forwarding while going through VPCE or is this port open for something else. Since S3 has gateway VPC endpoint, does that mean all the publc IPs need to be open? We don't put vpce also in the domain when we call S3 endpoint with VPCE, so does that means there is a domain rewrite also? If someone can let me know how this works, it will be really great. I can also inform my customer as such. Thank you.
Amazon Simple Storage ServiceAmazon VPCNetworking & Content DeliveryNetwork Security
0
answers
1
votes
175
views
profile picture
Vignesh N
asked 2 months ago

Is it possible move/migrate EIP to another account?

Hi, I have in an account an EIP (Elastic IP) that is being used in an EC2, for a series of needs, I need to migrate/move this EIP to another AWS account, is this possible ? What is the procedure? Regards!
Accepted AnswerMigration & TransferAmazon VPCAmazon EC2Network Security
3
answers
0
votes
303
views
Zeus Arias
asked 3 months ago

network problem

I found that the network quality from mainland China to Tokyo, Japan is unstable, I don't know if it can be optimized source ip :115.238.145.17 destination ip:3.115.248.193 I provide the source and destination addresses, you can perform quality inspection,
AWS Global AcceleratorAmazon EC2AWS Data ExchangeTelecommunicationsNetwork Security
1
answers
0
votes
54
views
rePost-User-1547686
asked 3 months ago

Malware Reverse Engineering

Is it possible to setup a malware analysis lab in AWS ? If so could you please help me with necessary details ?
AWS Security HubSecuritySecurity GroupNetwork Security
2
answers
0
votes
97
views
rePost-User-1205457
asked 3 months ago