AWS components used

  • Amazon Virtual Private Cloud (Amazon VPC)
  • Internet Gateway (IGW)
  • NAT Gateway (across all public subnets)
  • Multiple Amazon VPC subnets (public & private) in 2 or 3 (if available) Availability Zones (AZs)
  • Routing tables for public subnets - routing through IGW
  • Routing tables for private subnets - routing through NAT Gateway
  • Multiple VPC Security Groups
  • Bastion Auto Scaling Group (launching no instances) - in the public subnets (public)
  • Amazon Relational Database Service (Amazon RDS) Aurora cluster - in the private subnets (data)
  • Amazon Elastic File System (Amazon EFS) file system - with mount targets in the private subnets (data)
  • Amazon ElastiCache cache cluster (optional) - in the private subnets (data)
  • Amazon Elastic Load Balancing (Amazon ELB) Application Load Balancer (ALB) - in the public subnets (public)
  • Web Auto Scaling Group (launching 2 instances) - in the private subnets (web)
  • Amazon CloudFront distribution (optional)
  • Amazon Route53 DNS record set (optional)

Bastion

AWS steers you toward a bastion host so that access into the private subnets is kept to a minimum. This applies, of course, only when the servers need to be reached from the internet and no separate access-control tool is in place; in that case the bastion is the single, tightly restricted entry point, and the web and data tiers accept administrative traffic from it alone.
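As an added illustration (not configuration from the original page or from any AWS Quick Start), the following Terraform sketch wires together the routing split from the component list above and the bastion pattern just described. The region and AZ names, the 10.0.0.0/16 address plan, the tier-to-port mapping, and the `admin_cidr` placeholder are assumptions made for the example; a single "data" security group stands in for the RDS, EFS and ElastiCache groups a real deployment would keep separate.

```hcl
# Added example (not the page's own config). Assumed: us-east-1, two AZs,
# 10.0.0.0/16, and var.admin_cidr as a placeholder for the admin/VPN range.
variable "admin_cidr" { default = "203.0.113.0/24" } # placeholder; never 0.0.0.0/0
resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" }
resource "aws_internet_gateway" "igw" { vpc_id = aws_vpc.main.id }

resource "aws_subnet" "public" {
  count                   = 2
  vpc_id                  = aws_vpc.main.id
  cidr_block              = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
  availability_zone       = ["us-east-1a", "us-east-1b"][count.index]
  map_public_ip_on_launch = true
}
resource "aws_subnet" "private" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, 10 + count.index)
  availability_zone = aws_subnet.public[count.index].availability_zone
}
# One NAT gateway per public subnet (per AZ), as in the component list.
resource "aws_eip" "nat" {
  count  = 2
  domain = "vpc"
}
resource "aws_nat_gateway" "nat" {
  count         = 2
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = aws_subnet.public[count.index].id
  depends_on    = [aws_internet_gateway.igw]
}
# Public subnets: default route via the IGW (reachable from the internet).
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  count          = 2
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}
# Private subnets: default route via that AZ's NAT gateway, so web/data can
# fetch updates outbound but have no inbound path from outside the VPC.
resource "aws_route_table" "private" {
  count  = 2
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[count.index].id
  }
}
resource "aws_route_table_association" "private" {
  count          = 2
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}

# One security group per tier. Terraform drops AWS's default allow-all
# egress, so "data" keeps no egress at all: RDS/EFS never dial out.
resource "aws_security_group" "tier" {
  for_each = toset(["bastion", "alb", "web", "data"])
  name     = each.key
  vpc_id   = aws_vpc.main.id
}
resource "aws_security_group_rule" "egress" {
  for_each          = toset(["bastion", "alb", "web"])
  type              = "egress"
  security_group_id = aws_security_group.tier[each.key].id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}
# Ingress by security-group reference, not CIDR: each tier accepts only the
# tier in front of it. Only HTTPS to the ALB and SSH to the bastion come from outside.
locals {
  ingress = {
    alb_https      = { to = "alb",     from_sg = null,      cidr = "0.0.0.0/0",    port = 443 }
    bastion_ssh    = { to = "bastion", from_sg = null,      cidr = var.admin_cidr, port = 22 }
    alb_to_web     = { to = "web",     from_sg = "alb",     cidr = null,           port = 80 }
    bastion_to_web = { to = "web",     from_sg = "bastion", cidr = null,           port = 22 }
    web_to_db      = { to = "data",    from_sg = "web",     cidr = null,           port = 3306 }
    web_to_efs     = { to = "data",    from_sg = "web",     cidr = null,           port = 2049 }
  }
}
resource "aws_security_group_rule" "ingress" {
  for_each                 = local.ingress
  type                     = "ingress"
  security_group_id        = aws_security_group.tier[each.value.to].id
  source_security_group_id = each.value.from_sg == null ? null : aws_security_group.tier[each.value.from_sg].id
  cidr_blocks              = each.value.cidr == null ? null : [each.value.cidr]
  from_port                = each.value.port
  to_port                  = each.value.port
  protocol                 = "tcp"
}
```

The point to check after `terraform plan`: the only rules whose source is a CIDR are `alb_https` and `bastion_ssh`; every other ingress names a security group, so moving an instance between subnets or replacing it in an Auto Scaling group cannot widen who may reach it. Because the web-tier SSH rule references the bastion group rather than an address, scaling the bastion ASG from zero to one instance and back (as the list describes) needs no rule changes.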