Securing the Network
The Amazon EC2 service provides the ability to dynamically add and remove instances. However, this
flexibility can complicate firewall configuration and maintenance, which traditionally rely on IP
addresses, subnet ranges or DNS host names as the basis for the firewall rules.
The Amazon EC2 firewall allows you to assign your compute resources to user-defined groups and
define firewall rules for, and in terms of, these groups. As compute resources are added to or removed
from groups, the appropriate rules are enforced. Similarly, if a group's rules are changed, these changes
are automatically applied to all members of the affected group.
Amazon EC2
Developer Guide
Notes
Defining firewall rules in terms of groups is flexible enough to allow you to implement functionality
equivalent to a VLAN.
In addition to the distributed firewall, you can maintain your own firewall on any of your instances.
This may be useful if you have specific requirements not catered for by the distributed firewall.
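The following is an added example, not code from the EC2 Developer Guide: a small Python model of the group-based firewall described above. Group names, instance IDs and the rule/port-range shape are constructed for illustration, and the model assumes default-deny inbound, so traffic passes only when a rule on one of the destination's groups names a group the source belongs to. It shows why adding an instance to a group or editing a group's rules needs no per-host rule changes, and how a group that admits only itself behaves like the VLAN mentioned in the note.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """Inbound rule: admit `proto` on from_port..to_port from members of `source_group`."""
    proto: str
    from_port: int
    to_port: int
    source_group: str


@dataclass
class GroupFirewall:
    rules: dict = field(default_factory=dict)    # group name -> set of Rule
    members: dict = field(default_factory=dict)  # instance id -> set of group names

    def add_group(self, name):
        self.rules.setdefault(name, set())

    def authorize(self, group, proto, from_port, to_port, source_group):
        # Rules are attached to the group, never to an individual instance.
        self.rules[group].add(Rule(proto, from_port, to_port, source_group))

    def revoke(self, group, proto, from_port, to_port, source_group):
        self.rules[group].discard(Rule(proto, from_port, to_port, source_group))

    def assign(self, instance, *groups):
        self.members.setdefault(instance, set()).update(groups)

    def remove(self, instance, group):
        self.members.get(instance, set()).discard(group)

    def allowed(self, src, dst, proto, port):
        """Default deny (an assumption of this model): True only if some group that
        `dst` belongs to carries a matching rule whose source group `src` belongs to."""
        src_groups = self.members.get(src, set())
        return any(
            r.proto == proto and r.from_port <= port <= r.to_port
            and r.source_group in src_groups
            for g in self.members.get(dst, set())
            for r in self.rules.get(g, ())
        )


if __name__ == "__main__":
    fw = GroupFirewall()
    fw.add_group("web"); fw.add_group("db")
    fw.authorize("db", "tcp", 3306, 3306, "web")   # db accepts MySQL only from web members
    fw.assign("i-web1", "web"); fw.assign("i-db1", "db")
    print(fw.allowed("i-web1", "i-db1", "tcp", 3306))  # True: group membership, no IP rule
```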