Ping a Specific Port

Question

Sergei

Asked: 2019-11-04 14:21:37 +0800 CST2019-11-04 14:21:37 +0800 CST 2019-11-04 14:21:37 +0800 CST

AWS - deny services deployment in public subnet

772

We are building some security boundaries for our internal teams and would like to limit their ability to deploy services in Public Subnets. I can build a boundary policy for EC2 not to be deployed in public subnets but this only covers EC2 service. Is there a way to block all services, existing or future, from being deployed in a specific subnet?

1 Answers

Voted

MLu · Answer 1 · 2019-11-04T14:41:00+08:00

MLu

2019-11-04T14:41:00+08:002019-11-04T14:41:00+08:00

Pretty much every resource needs an ENI - Elastic Network Interface. Therefore can try to restrict ENI creation in your public subnets. That will cover EC2, RDS, Fargate, VPC-Lambda, ELB/ALB, etc. Not sure if it's possible to create an IAM policy like that, I haven't tried.

In any case AWS Config will notice when a new ENI has been created and you can act upon that. Check out Use AWS Config Rules to Automatically Remediate Non-compliant Resources.

Hope that helps :)

1

AWS - deny services deployment in public subnet

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?