Time
36 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello, everybody, and welcome back. As you can see, we're in the AWS Management Console. I'm gonna go ahead and head over to VPCs, and when you're looking for network ACLs and the settings to change for your ACLs, they will be sitting within the VPC dashboard. You could head under here, on your Security,
00:19
go to Network ACLs.
00:20
And remember, I talked about how when you set up an account, you get a default VPC and you also get a default network ACL. Well, this is what I'm talking about. If I go over here to your VPCs, you're going to see I have my VPC, and under Default it says Yes.
00:39
Well, the
00:41
network ACL is also associated with that; it also says Default. It says Yes there. And when I was talking in the slides about the inbound and outbound rules, I was talking about this right here: all traffic, all protocols, all port ranges. All destinations are allowed on my inbound
01:00
and my outbound. I know that I just said that in reverse. But you know what I mean. It is allowed across the board. And in order for you to change this, what you have to do is you have to change the rule number, or you have to edit inbound rules, maybe edit outbound rules. And what this rule number does is, it sets your
01:21
rules by priority. So
01:23
the lower the number, the higher the priority. This one's obviously set 200. So just to simplify, if I were to set a new rule to 99 and I said deny all protocols, deny all port ranges and deny from everywhere, and set to deny here, then
01:41
it would overrule this
01:44
ruling right here
01:46
And you can edit that by adding a new rule saying 99, I want all... actually, let's do all traffic,
01:57
all traffic,
01:59
all protocols, everything
02:01
deny.
02:04
And as you can see, since it is the higher priority, it's going to deny everything and overrule this one. If I were to, uh, let's say, edit the rule, and instead of all traffic, I say I want to block SSH
02:21
and I want to block it from everywhere in the world, I can save it. And now what it's gonna do is it's going to allow all traffic from everywhere except for SSH. It just won't allow SSH from anywhere. You can change
02:36
the inbound and outbound rules right here, that simply. And every single EC2 instance that's attached to this network ACL, which, these are things you change when you set into place, when you're setting up your VPCs, and when you're deploying your EC2 instances you get to choose which VPC you want to stick them into, um, these security settings are going to control that
02:58
from the get-go, and it's super simple. As you can see, I can change it for inbound, I can change it for outbound. And, uh, yeah, Amazon takes care of the rest of it for you. So hopefully that was helpful. Um, if you have any questions, feel free to reach out to me. All right, I'll talk to you later.
03:14
All right. I'll see you in the next lecture.

Up Next

AWS Infrastructure Security

Looking to learn more about the security infrastructure offerings with AWS? You’re in luck! AWS offers a multitude of tools that secure your network and systems and in this course, we will introduce you to them.

Instructed By

Nicolas Moy
Senior Cloud Security Engineer
Instructor