Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. Show FeaturesThe following features help you configure a VPC to provide the connectivity that your applications need: Virtual private clouds (VPC) A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. After you create a VPC, you can add subnets. SubnetsA subnet is a range of IP addresses in your VPC. A subnet must reside in a single Availability Zone. After you add subnets, you can deploy AWS resources in your VPC. IP addressingYou can assign IPv4 addresses and IPv6 addresses to your VPCs and subnets. You can also bring your public IPv4 and IPv6 GUA addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers. RoutingUse route tables to determine where network traffic from your subnet or gateway is directed. Gateways and endpointsA gateway connects your VPC to another network. For example, use an internet gateway to connect your VPC to the internet. Use a VPC endpoint to connect to AWS services privately, without the use of an internet gateway or NAT device. Peering connectionsUse a VPC peering connection to route traffic between the resources in two VPCs. Traffic MirroringCopy network traffic from network interfaces and send it to security and monitoring appliances for deep packet inspection. Transit gatewaysUse a transit gateway, which acts as a central hub, to route traffic between your VPCs, VPN connections, and AWS Direct Connect connections. VPC Flow LogsA flow log captures information about the IP traffic going to and from network interfaces in your VPC. VPN connectionsConnect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN). Getting started with Amazon VPCYour AWS account includes a default VPC in each AWS Region. Your default VPCs are configured such that you can immediately start launching and connecting to EC2 instances. For more information, see Get started with Amazon VPC. You can choose to create additional VPCs with the subnets, IP addresses, gateways and routing that you need. For more information, see Create a VPC. Working with Amazon VPCYou can create and manage your VPCs using any of the following interfaces:
Pricing for Amazon VPCThere's no additional charge for using a VPC. There are charges for some VPC components, such as NAT gateways, Reachability Analyzer, and traffic mirroring. For more information, see Amazon VPC Pricing. Q: What is AWS Network Firewall? AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs). The service can be set up with just a few clicks and scales automatically with your network traffic so you don't have to worry about deploying and managing any infrastructure. Network Firewall’s flexible rules engine lets you define firewall rules that give you fine-grained control over network traffic, such as blocking outbound Server Message Block (SMB) requests to prevent the spread of malicious activity. You can also import rules you’ve already written in common open source rule formats or import compatible rules sourced from AWS partners. AWS Network Firewall works together with AWS Firewall Manager so you can build policies based on AWS Network Firewall rules and then centrally apply those policies across your VPCs and accounts. Q: What are the key benefits of AWS Network Firewall? The AWS Network Firewall infrastructure is managed by AWS, so you don’t have to worry about building and maintaining your own network security infrastructure. AWS Network Firewall works with AWS Firewall Manager, so you can centrally manage security policies and automatically enforce mandatory security policies across existing and newly created accounts and VPCs. AWS Network Firewall has a highly flexible rules engine, so you can build custom firewall rules to protect your unique workloads. AWS Network Firewall supports thousands of rules, and the rules can be based on domain, port, protocol, IP addresses, and pattern matching. Q: How does AWS Network Firewall protect my VPC? AWS Network Firewall includes features that protect from common network threats. AWS Network Firewall’s stateful firewall can incorporate context from traffic flows, like tracking connections and protocol identification, to enforce policies such as preventing your VPCs from accessing domains using an unauthorized protocol. AWS Network Firewall’s intrusion prevention system (IPS) provides active traffic flow inspection so you can identify and block vulnerability exploits using signature-based detection. AWS Network Firewall also offers web filtering that can stop traffic to known-bad URLs and monitor fully qualified domain names. Q: When should I use AWS Network Firewall? AWS Network Firewall gives you control and visibility of VPC-to-VPC traffic to logically separate networks hosting sensitive applications or line-of-business resources. AWS Network Firewall provides URL, IP address, and domain-based outbound traffic filtering to help you meet compliance requirements, stop potential data leaks, and block communication with known malware hosts. AWS Network Firewall secures AWS Direct Connect and AWS VPN traffic running through AWS Transit Gateway from client devices and your on-premises environments. AWS Network Firewall protects application availability by filtering inbound Internet traffic using features such as Access Control List (ACL) rules, stateful inspection, protocol detection, and intrusion prevention. Q: Can I use AWS Network Firewall for protection against DDoS attacks? AWS Network Firewall is designed to protect and control access to and from your VPC, but not to mitigate volumetric attacks, like distributed denial of service (DDoS), that can impact the availability of
your application. To protect against DDoS attacks and ensure application availability, we recommend customers review and adhere to our AWS Best Practices for DDoS Resiliency, and also explore AWS Shield Advanced, which offers managed DDoS protection customized to your specific application traffic. Q: How is AWS Network Firewall different from other firewall offerings on AWS and the AWS Marketplace? AWS Network Firewall complements existing network and application security services on AWS by providing control and visibility to Layer 3-7 network traffic for your entire VPC. Depending on your use case, you may choose to implement AWS Network Firewall along your existing security controls, such as Amazon VPC Security Groups, AWS Web Application Firewall rules, or AWS Marketplace appliances. Q: How much does AWS Network Firewall cost? AWS Network Firewall pricing is based on the number of firewalls deployed and the amount of traffic inspected. Please visit AWS Network Firewall Pricing for more information. Q: In which AWS regions is AWS Network Firewall available? For more information on regional availability for AWS Network Firewall, see the
AWS region table. Q: Which partners have solutions that work with AWS Network Firewall? A number of AWS Partner Network (APN) Partners offer products that complement existing AWS services to enable you to deploy a seamless and comprehensive security architecture across AWS and your on-premises environment. For a current list of APN Partners offering products that complement AWS Network Firewall, see AWS Network Firewall partners. Q: Does AWS Network Firewall offer a Service Level Agreement? AWS Network Firewall offers a Service Level Agreement with an uptime commitment of 99.99%. AWS Network Firewall enables you to automatically scale your firewall capacity up or down based on traffic load to maintain steady, predictable performance to minimize costs. Q: What are the service quotas for AWS Network Firewall? AWS Network Firewall is subject to service quotas for the number of firewalls, firewall policies, and rules groups that you can create and for other settings, such as the number of stateless or stateful rule groups you can have in a single firewall policy. For additional details about service quotas, including information about how to request a
service quota increase, see the AWS Network Firewall quotas page. Which AWS tool or feature acts as a VPC firewall at the subnet level?network ACL (NACL)
An optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. You can associate multiple subnets with a single network ACL, but a subnet can be associated with only one network ACL at a time.
Which firewall is used by AWS?AWS Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for your virtual private cloud (VPC) that you created in Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC.
Which AWS service or feature acts as a firewall for Amazon EC2 instances?A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance.
What is the name of the AWS level firewall service?AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs).
|
