Task at Hand
AspireNxt was appointed to help a client set up a secure infrastructure on the cloud. Before bringing us on board, the client had all their resources in a public subnet that was accessible to everyone. A public subnet is vulnerable and susceptible to DDoS and SQL injection. This had to be changed.
After a thorough analysis, we proposed a 3-tier AWS infrastructure in which all resources were placed in private subnets for security. We created a custom VPC, created private and public subnets inside it, and configured the route tables.
Since the entire infrastructure was in a private environment, we configured internet-facing load balancers to talk to the web servers and provisioned AWS WAF on top of the load balancers to prevent SQL injection. We also configured the security groups so that the servers accept only the requests they are required to serve.
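The security-group restriction described above can be checked mechanically. The following is an added example, not AspireNxt's or the client's code: it audits rules shaped like the EC2 `DescribeSecurityGroups` response against a load balancer → web → database chain. The group IDs, the ports (443, 80, 3306), the `POLICY` layout and the `audit` function are assumptions made for illustration.

```python
# Added example: audit a three-tier security-group chain (ALB -> web -> database).
# Group IDs, ports and rules are constructed sample data, not the client's setup.
SAMPLE_GROUPS = [
    {"GroupId": "sg-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,  # stray admin rule
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,  # skips the web tier
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]},
]
# Per tier: the only permitted source group (None = internet-facing) and ports.
POLICY = {
    "sg-alb": {"source": None, "ports": {443}},
    "sg-web": {"source": "sg-alb", "ports": {80}},
    "sg-db": {"source": "sg-web", "ports": {3306}},
}

def audit(groups, policy):
    """Return (group, ports, source, reason) for every rule outside the policy."""
    findings = []
    for group in groups:
        gid = group["GroupId"]
        expected = policy[gid]
        for perm in group["IpPermissions"]:
            if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
                ports, port_ok = "all", False
            else:
                lo, hi = perm["FromPort"], perm["ToPort"]
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
                port_ok = lo == hi and lo in expected["ports"]
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            peers = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            for src in cidrs + peers:
                if not port_ok:
                    findings.append((gid, ports, src, "unexpected port"))
                elif expected["source"] is not None and src != expected["source"]:
                    findings.append((gid, ports, src, "unexpected source"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_GROUPS, POLICY), sep="\n")
```

On the constructed sample, the audit reports the SSH rule open to `0.0.0.0/0` on the web tier and the database rule that admits the load balancer group directly.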
To route traffic from Cloudflare to the web servers hosted on AWS, we configured Route 53 for the web application. On top of Route 53 we used AWS Shield, and we used AWS CloudTrail to log, monitor, and retain account activity related to actions across the AWS infrastructure. As standard, we provisioned detailed monitoring on the web servers, load balancer and database.
With all resources now in a private subnet, the infrastructure was highly secure, traffic was successfully routed from GoDaddy to the AWS servers, and there was provision to monitor all account activity. AWS Shield prevented DDoS and AWS WAF prevented SQL injection.