[AWS] When building a bastion server, I would like to control outbound traffic (communication from inside to outside) by domain (FQDN), but I do not know how to achieve this (the configuration), so please tell me.
Services I want to control: ports 80/443/22
After investigating, it seems that access control in the VPC (security groups) and network ACLs can only be performed by specifying IP addresses, so how can this be built?
I think AWS WAF is what is most often used for this, but can it be used for access control of the bastion server's outbound traffic by domain?
Also, is Route 53 required when controlling by domain using AWS WAF?
Is it possible to control access by domain with it alone?
EC2: WindowsServer->80/443/22->VPC->AWS WAF? ->Internet
- I want to control access for both inbound and outbound on the bastion server.
- For outbound, I want to control access by domain (FQDN)
  (because the IP address range of the destination site is too large, or the IP changes irregularly).
  Example: AWS servers without a fixed IP, Microsoft Windows Update, pattern updates of security software, etc.
If possible, I would appreciate it if you could explain based on a simple structure.
Answer #1
If it's about controlling external access, that's a proxy.
There doesn't seem to be an AWS service for it, so I think you would build it on EC2.
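As an added example (not part of the answer above), this is a minimal Squid forward-proxy configuration for the EC2-hosted proxy the answer suggests: it allows the bastion to reach only an FQDN allowlist on ports 80/443, and port 22 via CONNECT. Squid, the port 3128, the subnet 10.0.1.0/24 and the allowlist entries are assumptions; the Windows Update domains are sample entries and should be checked against Microsoft's published endpoint list.

```conf
# squid.conf (added example, not from the post): forward proxy on EC2 that
# lets the bastion reach only allowlisted FQDNs on 80/443 (22 via CONNECT).
http_port 3128

# Destination allowlist; a leading dot matches the domain and all subdomains.
# Sample entries constructed for illustration; replace with your own list.
acl allowed_dst dstdomain .windowsupdate.com .update.microsoft.com .example.com

# Ports the bastion is permitted to reach through the proxy
acl allowed_ports port 80 443 22
# CONNECT (used for HTTPS and tunnelled SSH) is limited to these ports
acl CONNECT method CONNECT
acl connect_ports port 443 22

# Only the bastion subnet may use the proxy (placeholder CIDR, assumption)
acl bastion_net src 10.0.1.0/24

# Evaluation order matters: deny bad ports/clients first, then allow the list,
# then deny everything else. dstdomain matches the CONNECT host name, so no
# TLS interception is needed to filter HTTPS by FQDN.
http_access deny !allowed_ports
http_access deny CONNECT !connect_ports
http_access deny !bastion_net
http_access allow allowed_dst
http_access deny all

# Keep the access log so denied destinations are visible to monitoring
access_log /var/log/squid/access.log squid
```

For the allowlist to be enforced, the bastion's security group should permit outbound traffic only to the proxy's port, not directly to the Internet; SSH is only covered here when the client tunnels through the proxy with CONNECT (for example via ProxyCommand), since an HTTP proxy does not see plain SSH.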