Posts

Showing posts from January, 2024

AWS Bastion Setup

A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. This is going to be our setup. 1) Create a VPC. 2) Create 2 subnets, one Public and one Private. 3) The Public Subnet is attached to an INTERNET GW -> to allow 2-way internet access from the Public Subnet. 4) The Public Subnet is attached to a NAT GW -> to allow instances in the PRIVATE subnet to access the Internet in one direction only - OUTBOUND. The IGW is attached to the VPC. Create 2 route tables. The public route table is associated with the public subnet and has a route to the Internet GW. Let's create another route table called private subnet, not adding any route at the moment; it is associated with the Private Subnet. Create 2 instances, one in each subnet. Name the instance in the public subnet "bastion" and the one in the private subnet "webserver". Connect to the bastion EC2 instance using its public IP. Let's connect to the webs...

AWS S3 VPC Endpoint

A VPC endpoint enables connections between a virtual private cloud (VPC) and supported services without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Therefore, your VPC is not exposed to the public internet. Traffic from your VPC is sent to an endpoint service using a connection between the VPC endpoint and the endpoint service. Traffic between a VPC endpoint and an endpoint service stays within the AWS network, without traversing the public internet. VPC endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components. Let's create an S3 VPC endpoint. I launched an instance in the VPC which has public and private IPs. So, when I run # aws s3 ls the call goes to the public endpoint: url=https://s3.us-east-1.amazonaws.com/ Now, we have the S3 VPCE created and it has a DNS name attached to it. When using the DNS name to access a resource, replace * with th...

AWS Transfer Family

AWS Transfer Family is a secure transfer service that enables you to transfer files into and out of AWS storage services. Transfer Family is part of the AWS Cloud platform. AWS Transfer Family offers fully managed support for the transfer of files over SFTP, AS2, FTPS, and FTP directly into and out of Amazon S3 or Amazon EFS. You can seamlessly migrate, automate, and monitor your file transfer workflows while maintaining existing client-side configurations for authentication, access, and firewalls, so nothing changes for your customers, partners, and internal teams, or their applications. AWS Transfer Family is a fully managed AWS service that you can use to transfer files into and out of Amazon Simple Storage Service (Amazon S3) storage or Amazon Elastic File System (Amazon EFS) file systems over the following protocols: Secure Shell (SSH) File Transfer Protocol (SFTP) version 3; File Transfer Protocol Secure (FTPS); File Transfer Protocol (FTP); Applicability Stat...

AWS Backup - II

In our previous post, we saw how to schedule a backup. Now the backup is completed and it is stored in a vault. A vault is the location where the backup is stored. A vault can be configured in GOVERNANCE or COMPLIANCE mode. I set the vault to retain the backup for a minimum of 2 days and a maximum of 5 days. When the vault is in GOVERNANCE mode you can change the retention period, but in COMPLIANCE mode no changes are allowed, even as root or by AWS. In addition, during the retention period the backup cannot be deleted manually. Let's change the maximum retention period to 3 days. Once the retention period has passed, the backup will be deleted automatically.