A company has implemented a new security requirement According to the new requirement, the company must scan all traffic from corporate AWS instances in the company's VPC for violations of the company's security policies. As a result of these scans the company can block access to and from specific IP addresses.
To meet the new requirement, the company deploys a set of Amazon EC2 instances in private subnets to serve as transparent proxies The company installs approved proxy server software on these EC2 instances The company modifies the route tables on all subnets to use the corresponding EC2 instances with proxy software as the default route The company also creates security groups that are compliant with the security policies and assigns these security groups to the EC2 instances
Despite these configurations, the traffic of the EC2 instances in their private subnets is not being properly forwarded to the internet.
What should a solutions architect do to resolve this issue?
Identify Proxy EC2 Instances:
Determine which EC2 instances in the private subnets are running the proxy server software.
Disable Source/Destination Checks:
For each of these EC2 instances, go to the AWS Management Console.
Navigate to the EC2 dashboard, select the instance, and choose 'Actions' > 'Networking' > 'Change Source/Dest. Check'.
Disable the source/destination check for these instances.
Disabling source/destination checks allows the EC2 instances to route traffic appropriately, enabling them to function as network appliances or proxies. This ensures that traffic from other instances in the private subnets can be routed through the proxy instances to the internet, meeting the company's security requirements.
Reference
Amazon EC2 User Guide on Source/Destination Checks
Melinda
2 months agoStefan
22 days agoCarole
1 months agoSusana
1 months agoPete
2 months agoFelix
2 months agoSang
24 days agoSamira
25 days agoKasandra
1 months agoDong
2 months agoLettie
26 days agoMarge
29 days agoWilletta
1 months agoRueben
1 months agoThaddeus
2 months agoRoyal
3 months agoTeresita
2 months agoBette
2 months agoWillow
2 months agoClemencia
3 months agoEssie
3 months ago