AWS WAF
You restrict access by using security groups and private subnets for all your resources. All of the monitor logs, VPC Flow Logs, and CloudTrails are active. IAM policies are enforced, everything is correctly secured, and nothing is exposed. This is because you have the VPN service to access any resources. However, if you want to provide an internet service, you have to open at least one point of access to the external world. As we already discussed in the VPC Subnets section, you should expose as few resources in the public subnet as possible, with the 0.0.0.0/0
security group rule open. If possible, only an ELB should stay in this situation, passing connections to the EC2 machines in private subnets, since the EC2 machines communicate with the RDS databases with strict security rules.
This is the most classic AWS application, and it is not necessary to explain it in detail here. Instead, we want to focus on increasing the security of the ELB with the AWS WAF. For more information...