While learning AWS, I kept wondering how to secure a network using Bastion Hosts and NAT Gateways, and here are a few pointers I jotted down.
Bastion Host
As per wikipedia.org, a bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. In simple terms, a bastion host is a proxy server placed in a public subnet, created to provide access to a private network from an external network.
It is configured only in a Public Subnet of a VPC (Virtual Private Cloud) or a VCN (Virtual Cloud Network) and acts as a bridge between the Public Subnet and your applications configured in Private Subnets.
Bastion Hosts are used to administer EC2 Instances in Private Subnets.
NAT Gateway
Network Address Translation (NAT) is a method of remapping source and destination IP addresses so that hosts can reach each other across networks. NAT gateways are used to enable the instances/services in a private subnet to connect to the internet or to other AWS services, while preventing the internet from initiating a direct connection to those instances/services.
A NAT Gateway is always created inside a Public Subnet. It routes traffic between the instances in Private Subnets and the external network: outbound requests leave through the gateway's configured IP address, and the replies are routed back to the originating instances.
NAT Gateways are therefore used to let an instance in a private subnet connect to the Internet.
Below are few features of NAT Gateways:
- A NAT gateway supports 5 Gbps of bandwidth and automatically scales up to 45 Gbps
- We can associate exactly one Elastic IP address with a NAT gateway
- A NAT gateway can support up to 55,000 simultaneous connections to a unique destination
- NAT gateways are not supported for IPv6 traffic—use an egress-only internet gateway instead
- We cannot associate a Security Group with a NAT gateway.
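As an added example (not code from the original post), here is a small Python check that verifies the layout described above: the public subnet's default route goes to an internet gateway, the private subnet's default route goes to a NAT gateway, the bastion accepts SSH only from an administrator address, and the application instances accept SSH only from the bastion's security group. The route-table and security-group data, the identifiers (igw-0abc, nat-0abc, sg-bastion, sg-app) and the admin CIDR are all constructed for illustration.

```python
# Offline audit of a bastion-host / NAT-gateway VPC layout.
# The dictionaries below are constructed, simplified stand-ins for the
# output of describe-route-tables / describe-security-groups.
ADMIN_CIDR = "203.0.113.10/32"   # assumed administrator address (TEST-NET-3)

ROUTE_TABLES = {
    "public":  [{"dst": "10.0.0.0/16", "target": "local"},
                {"dst": "0.0.0.0/0",   "target": "igw-0abc"}],   # internet gateway
    "private": [{"dst": "10.0.0.0/16", "target": "local"},
                {"dst": "0.0.0.0/0",   "target": "nat-0abc"}],   # NAT gateway
}

SECURITY_GROUPS = {
    "sg-bastion": [{"port": 22, "src": ADMIN_CIDR}],              # SSH from admin only
    "sg-app":     [{"port": 22, "src": "sg-bastion"},             # SSH only via bastion
                   {"port": 443, "src": "10.0.0.0/16"}],
}

def default_target(routes):
    """Return the target of the 0.0.0.0/0 route, or None if there is none."""
    return next((r["target"] for r in routes if r["dst"] == "0.0.0.0/0"), None)

def check_routes(tables):
    """Public subnet must exit via an IGW; private subnet only via a NAT gateway."""
    findings = []
    pub = default_target(tables["public"])
    if not (pub or "").startswith("igw-"):
        findings.append("public subnet has no internet gateway default route")
    priv = default_target(tables["private"])
    if priv is None:
        findings.append("private subnet has no outbound route (NAT gateway missing)")
    elif not priv.startswith("nat-"):
        # A private subnet routed straight to an IGW is no longer private.
        findings.append(f"private subnet default route goes to {priv}, not a NAT gateway")
    return findings

def check_sgs(sgs):
    """Bastion SSH restricted to the admin CIDR; app SSH restricted to the bastion SG."""
    findings = []
    for rule in sgs["sg-bastion"]:
        if rule["port"] == 22 and rule["src"] != ADMIN_CIDR:
            findings.append(f"bastion allows SSH from {rule['src']}")
    for rule in sgs["sg-app"]:
        if rule["port"] == 22 and rule["src"] != "sg-bastion":
            findings.append(f"app SSH open to {rule['src']} instead of the bastion SG")
    return findings

def audit(tables, sgs):
    """Combine both checks; an empty list means the layout matches the pattern."""
    return check_routes(tables) + check_sgs(sgs)
```

Running `audit(ROUTE_TABLES, SECURITY_GROUPS)` on the constructed data returns an empty list; swapping the private subnet's default route to the internet gateway, or opening port 22 on either group to 0.0.0.0/0, produces a finding.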