AnswerBun.com

Isolation AWS resources with multiple subnets vs multiple VPCs

Information Security Asked by sdgfsdh on February 2, 2021

I have AWS resources (e.g. EC2s, RDS instances) that I would like to isolate from each other so that if one is compromised, the potential damage is limited. I am most concerned about data leakage / exfiltration. I can group these resources into logical "areas". Some of the resources need access to the public internet. Some of the resources need API access to other resources in different areas. Occasionally, developers will need to make SSH connections to the resources via OpenVPN, so those keys might also be a security risk.

My understanding is that I can split my resources in a few ways:

  • A single VPC and a single subnet with communication controlled by security groups (I understand this is not recommended, buy why?)
  • A single VPC with multiple subnets and controlled communication between them
  • Multiple VPCs each containing multiple subnets, with controlled communication between them

What are the security implications of each approach?

awsnetwork

Add your own answers!

Related Questions

Hardening WMI: Any security benefit to changing Impersonation level & separately, setting ‘Winmgmt Standalonehost?’

0  Asked on October 28, 2021

     

Is inputting credit card numbers over a mobile phone secure?

1  Asked on October 28, 2021

     

Why does Windows not always force me to confirm my password when changing it?

2  Asked on October 28, 2021 by stalemate

         

Is password strength exclusively a function of character set size multiplied by password length-in-characters?

4  Asked on October 28, 2021 by thump

     

How secure is (permanent) cookie-only authentication?

1  Asked on October 28, 2021

   

How does a shared vault in password managers such as 1Password work?

2  Asked on October 28, 2021

   

Are call stack addresses predictable with all protections disabled?

2  Asked on October 28, 2021 by maikkeyy

     

Preventing access to encrypted files at all

3  Asked on October 28, 2021

     

Deauthorization Bug in messenger application – How serious is this?

0  Asked on October 28, 2021

         

How do I share secret key files with Docker containers following 12 Factor App?

1  Asked on October 28, 2021 by flexi

   

Whatsapp suspicious message

1  Asked on October 28, 2021 by perpetuallearner

   

How can we limit access to a single computer?

1  Asked on October 28, 2021 by duane-murphy

       

Effect of Firefox’s “Responsive Design Mode” on the browser’s fingerprint

1  Asked on October 28, 2021

       

I accidentally downloaded a .bin file, should I be worried?

1  Asked on October 28, 2021 by iknownaught

 

Is there a security vulnerability in setting a public DNS entry to a private IP Address?

1  Asked on October 28, 2021 by will-pike

       

Secure a virtual machine during a lab exercise

2  Asked on October 28, 2021 by martin-frholz

     

HTML Injection to blind SSRF testing retrieves only DNS Query

0  Asked on October 28, 2021 by none_none

     

Plausible reason for a VPN to point to a country different to the one you are connected to?

0  Asked on October 28, 2021

 

Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out(remote host ip)

4  Asked on October 28, 2021 by this-is-edis-mehmedovic

   

What is the purpose of frequently rotating TLS certificates without changing underlying keys?

3  Asked on October 28, 2021 by arran-schlosberg

     

Ask a Question

Get help from others!

Recent Answers

Recent Questions

© 2023 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP