Punter Vicky

Reputation: 16982

Launching AWS EC2 instances in public subnet

What is the security concern in launching AWS EC2 instances in a public subnet? I assume when an EC2 instance is launched in a public subnet, it will have access to the outside world provided security groups allow it. Is all traffic from the internet allowed to a public subnet? I assume even this could be restricted via NACLs.

Upvotes: 1

Views: 1038

Answers (1)

Aress Support

Reputation: 1425

  • About launching the EC2 instance in a public subnet: it is recommended that EC2 instances which need direct Internet access be placed in the public subnet, while instances that need direct access to internal networks must be placed in a private subnet with routes to a virtual private gateway.
  • About NACLs: you can control incoming and outgoing traffic at the subnet level through a NACL.
  • By default, the NACL allows all inbound and outbound traffic.
  • You can customize the NACL with the required rules in order to provide extra security at the subnet level.

Upvotes: 3
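To make the NACL points above concrete, here is an added example (not part of the answer) that models how a NACL decides on a packet: rules are checked in ascending rule number, the first match wins, and the final `*` rule denies. The two rule sets, the `203.0.113.0/24` admin range and the `198.51.100.7` internet host are constructed sample values; the entry fields follow the output shape of `aws ec2 describe-network-acls`.

```python
import ipaddress

def entry(num, proto, action, egress, cidr="0.0.0.0/0", ports=None):
    """Build one entry in the shape `aws ec2 describe-network-acls` returns."""
    e = {"RuleNumber": num, "Protocol": proto, "RuleAction": action,
         "Egress": egress, "CidrBlock": cidr}
    if ports:
        e["PortRange"] = {"From": ports[0], "To": ports[1]}
    return e

# Constructed sample data. Protocol "-1" = all, "6" = TCP; 32767 is the final "*" deny.
DEFAULT_NACL = [
    entry(100, "-1", "allow", False), entry(32767, "-1", "deny", False),
    entry(100, "-1", "allow", True), entry(32767, "-1", "deny", True),
]
CUSTOM_NACL = [
    entry(100, "6", "allow", False, ports=(443, 443)),            # HTTPS from anywhere
    entry(110, "6", "allow", False, "203.0.113.0/24", (22, 22)),  # SSH from admin range (placeholder)
    entry(32767, "-1", "deny", False),
    entry(100, "6", "allow", True, ports=(1024, 65535)),          # replies to client ephemeral ports
    entry(32767, "-1", "deny", True),
]

def evaluate(entries, egress, proto, peer_ip, dst_port):
    """Return the action of the lowest-numbered rule matching one packet."""
    peer = ipaddress.ip_address(peer_ip)
    for e in sorted(entries, key=lambda r: r["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", proto):
            continue
        if peer not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        ports = e.get("PortRange")
        if ports and not ports["From"] <= dst_port <= ports["To"]:
            continue
        return e["RuleAction"]
    return "deny"  # nothing matched

if __name__ == "__main__":
    internet = "198.51.100.7"  # constructed address standing in for an arbitrary internet host
    for name, acl in (("default", DEFAULT_NACL), ("custom", CUSTOM_NACL)):
        for port in (22, 443, 3389):
            print(name, "inbound tcp", port, evaluate(acl, False, "6", internet, port))
    # NACLs are stateless: the reply to an allowed inbound request needs its own egress rule.
    print("custom reply to port 50000:", evaluate(CUSTOM_NACL, True, "6", internet, 50000))
```

With the default rule set every inbound port is allowed at the subnet boundary, so security groups are the only filter; the custom set narrows that to HTTPS from anywhere and SSH from the admin range.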
