Question
Recall that in Project 1-3, you surveyed available AWS account options and had the opportunity to create an AWS account. In this project, you'll explore NACLs and security groups in AWS. Complete the following steps:

1. In your AWS Management Console, go to the VPC dashboard. In the navigation pane, scroll down and click Network ACLs in the Security category. You should have at least one NACL listed here as a default. Select that NACL, and then click the Inbound Rules tab for that NACL. Two rules should be listed here, one that allows all traffic and one that denies all traffic. Considering that these rules seem to accomplish exactly opposite purposes, what net effect do you think these rules have on traffic into this VPC? Why do you think this is?
2. Click the Outbound Rules tab and notice that it shows two similar rules with similar configurations. Click the Subnet associations tab. How many subnets are listed here?
3. In the navigation pane, click Security Groups. Unless you've been deleting security groups along the way, you should have a few groups listed here. First check a default security group, and examine the inbound and outbound rules. Notice that there is no setting for "Allow" or "Deny." Any traffic referenced by a rule is allowed. Traffic not referenced by a rule is not allowed. What traffic is allowed in this security group?
4. Click a security group created by a launch wizard. Launch-wizard security groups are created when you spin up a new VM. You've probably deleted the relevant VMs, but the security groups are still present unless you've been deleting these along the way. The traffic that is allowed in a launch-wizard security group is determined by the permission settings you configured on that VM, such as allowing SSH or RDP for remoting in to the VM. What inbound traffic is allowed for this launch-wizard security group? Based on this information, what OS do you think that VM had or has (if it still exists)?
5. Create a new VPC, a subnet within that VPC, and a VM instance in that subnet. Check the following details as you create the VM:
   a. On the Step 3: Configure Instance Details page, make sure to associate the VM with your new VPC, not your account's default VPC.
   b. On the Step 6: Configure Security Group page, choose to select an existing security group instead of creating a new security group. You should be offered the default security group for your new VPC.
6. While the VM is initializing, return to the VPC dashboard and check the rules created by default for your new VPC's NACL and security group. It might be helpful to write down the first few digits of the VPC ID in order to identify the correct NACL and security group. What traffic is currently allowed to this VPC and its instance?
7. Practice creating a higher-priority NACL rule that would specifically allow inbound RDP or SSH traffic, depending on the OS you chose for your VM. Make sure you choose the NACL assigned to the VPC you created earlier in this project. On the NACL's Inbound Rules tab, click Edit inbound rules. Notice the priority for the existing rule, and then click Add Rule. Choose a higher priority rating for your new rule (remember that higher priorities use lower numbers). What priority did you choose?
8. Under Type, choose Custom Protocol Rule. Under Protocol, scroll through the list. What are two protocols that you recognize in this list?
9. Select TCP (6). Under Port Range, enter the port number for the protocol you need. What is the port for SSH? What is the port for RDP? Save your new rule.
10. Practice creating a new security group that only allows inbound RDP or SSH traffic, depending on the OS you chose for your VM. On the Security Groups page, click Create security group. Give the security group a name, such as MySG-1, and a description, such as RDP traffic only or SSH traffic only. Assign the security group to the VPC you created in this project.
11. On the Inbound Rules tab for this new security group, click Edit rules, and then click Add Rule. Under Type, select Custom TCP Rule. Enter the port number for SSH or RDP, depending on the OS you used for your VM. Under Source, select My IP. What happens?
12. Give the rule a description that would help you identify its purpose in a long list of security rules. This is good practice for later when you'll be managing many NACL and security rules, and you won't necessarily remember why you created any specific rule. What description did you give the rule? Click Save rules and click Close.
13. Return to the EC2 dashboard, and check the detailed description of your instance, which should be running by now. What is the instance's private IP address?
14. Does the instance have a public IP address? Thinking back to what you've learned over the past few modules, why do you think this is?
15. Change the instance's security group to the one you just created. To do this, click Actions, point to Networking, and click Change Security Groups. What security group is currently assigned to the VM?
16. Select the new security group. Are you able to assign both security groups to this one VM?
17. Scroll through the navigation pane for the EC2 Dashboard. Of the security resources you used in this project, which one can you manage from the EC2 Dashboard?
18. Delete all of the resources you created in this project, including the VPC, subnet, VM, the VPC's default NACL, and both security groups. In what order did you delete these resources? What error messages did you encounter? How did you handle these problems? Check through your account to confirm that all related resources have been deleted.
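The rule semantics these steps rely on, as an added Python model that is not part of the original question or of any AWS tooling: NACL rules are checked in ascending rule-number order with the first match deciding, while a security group is an unordered allow-only list. The default rule number 100, the value 32767 standing in for the console's `*` rule, and the sample addresses are assumptions of this example.

```python
import ipaddress

# Constructed model of the two filters the project compares (not AWS code).
# A NACL rule: (rule_number, protocol, (port_lo, port_hi), cidr, action).
# Rule numbers are evaluated in ascending order; the first match decides.
STAR = 32767  # stands in for the console's "*" catch-all deny

DEFAULT_NACL = [
    (100, "all", (0, 65535), "0.0.0.0/0", "allow"),
    (STAR, "all", (0, 65535), "0.0.0.0/0", "deny"),
]

def _matches(rule_proto, ports, cidr, proto, port, src):
    return (rule_proto in ("all", proto)
            and ports[0] <= port <= ports[1]
            and ipaddress.ip_address(src) in ipaddress.ip_network(cidr))

def nacl_decision(rules, proto, port, src):
    """Return (action, rule_number) of the first matching rule."""
    for number, rproto, ports, cidr, action in sorted(rules):
        if _matches(rproto, ports, cidr, proto, port, src):
            return action, number
    return "deny", None

def sg_allows(rules, proto, port, src):
    """Security group: allow-only list, no ordering, no explicit deny."""
    return any(_matches(rproto, ports, cidr, proto, port, src)
               for rproto, ports, cidr in rules)

def inbound_reaches_instance(nacl, sg, proto, port, src):
    """Traffic must pass the subnet's NACL and then the instance's group."""
    return (nacl_decision(nacl, proto, port, src)[0] == "allow"
            and sg_allows(sg, proto, port, src))

# Steps 7-9: a lower-numbered (higher-priority) SSH rule ahead of rule 100.
NACL_WITH_SSH = DEFAULT_NACL + [(90, "tcp", (22, 22), "0.0.0.0/0", "allow")]
# Steps 10-11: SSH only, with "My IP" modelled as a single /32 source
# (203.0.113.10 is a constructed documentation address).
MY_SG = [("tcp", (22, 22), "203.0.113.10/32")]
```
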