Article Review: 7 Steps to Keep the Web Servers Private on AWS



This article on LinkedIn by Mohammed Vasowala, Enterprise Solutions Architect, shares an interesting architectural implementation to increase the privacy of web servers in a Virtual Private Cloud (VPC).

In typical VPC implementations, the web servers are placed in a public subnet; database and application servers are then placed in a private subnet.

In this article, the author describes techniques for placing the web servers in the private subnet as well and then reaching them via bastion hosts. Traffic to and from the web servers is handled by an Elastic Load Balancer (ELB).

This minimizes the endpoints exposed by the web servers, adding another layer of security.

A bit more thought is needed in the configuration, but it doesn’t appear to require much more effort than is already required to configure a VPC.
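One way to check that a deployment actually matches this layout is to audit the routing and security-group rules around the web servers. The sketch below is an added example, not code from the reviewed article. The inventory shape, all IDs, the NAT route and the port choices (80/443 from the ELB, 22 from the bastion) are assumptions made for illustration.

```python
# Added example: audit a constructed VPC inventory against the private-web-tier layout.
# All IDs, roles, ports and the inventory shape are assumptions, not from the article.

def public_subnets(route_tables):
    """Return subnets whose route table sends 0.0.0.0/0 to an internet gateway."""
    public = set()
    for rt in route_tables:
        if any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-")
               for r in rt["routes"]):
            public.update(rt["subnets"])
    return public

def audit_web_tier(inv):
    """List findings where a web server is reachable other than via the ELB or bastion."""
    findings = []
    public = public_subnets(inv["route_tables"])
    # Only these (source security group, port) pairs may reach a web server.
    allowed = {(inv["elb_sg"], 80), (inv["elb_sg"], 443), (inv["bastion_sg"], 22)}
    for inst in inv["instances"]:
        if inst["role"] != "web":
            continue
        if inst["subnet"] in public:
            findings.append(f"{inst['id']}: in public subnet {inst['subnet']}")
        if inst.get("public_ip"):
            findings.append(f"{inst['id']}: has public IP")
        for sg in inst["sgs"]:
            for rule in inv["sg_ingress"][sg]:
                if (rule["source"], rule["port"]) not in allowed:
                    findings.append(f"{inst['id']}: {sg} allows {rule['source']}:{rule['port']}")
    return findings

# Constructed sample: ELB and bastion in the public subnet, web servers meant to be private.
INVENTORY = {
    "elb_sg": "sg-elb", "bastion_sg": "sg-bastion",
    "route_tables": [
        {"subnets": ["subnet-pub"], "routes": [{"dest": "0.0.0.0/0", "target": "igw-1"}]},
        {"subnets": ["subnet-priv"], "routes": [{"dest": "0.0.0.0/0", "target": "nat-1"}]},
    ],
    "sg_ingress": {
        "sg-web": [{"source": "sg-elb", "port": 80}, {"source": "sg-bastion", "port": 22}],
        "sg-web-legacy": [{"source": "0.0.0.0/0", "port": 22}],
    },
    "instances": [
        {"id": "i-web1", "role": "web", "subnet": "subnet-priv", "sgs": ["sg-web"]},
        {"id": "i-web2", "role": "web", "subnet": "subnet-pub", "public_ip": "203.0.113.10",
         "sgs": ["sg-web-legacy"]},
        {"id": "i-bastion", "role": "bastion", "subnet": "subnet-pub", "sgs": []},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_web_tier(INVENTORY)))
```

In the constructed inventory, `i-web1` follows the layout and produces no findings, while `i-web2` is flagged for its public subnet, its public IP and its SSH rule open to `0.0.0.0/0`.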