Designing VPC with Security First Mindset
5 min read · Jun 6, 2020
Everyone is moving to the Cloud to deploy their workloads, so it is important to ensure that the logical network in which a workload is deployed is hardened enough that security is not compromised.
In this article, I will cover how to design an AWS Virtual Private Cloud (VPC) with a Security First mindset. This set-up can be used for production-level deployments as well.
Here is the high level requirement of the application to be deployed:
- 3-tier Web Application. Has a Web tier for serving web pages and content, Application tier for the business logic execution and Data tier for persisting the data in the system for long term storage.
- Application tier integrates with AWS Simple Storage Service (S3) for persisting files and with AWS Simple Email Service (SES) for sending emails.
- Application tier also interacts with another third-party service which exposes a public endpoint over HTTPS.
- High Availability required for Web and Application Server.
And below is the security requirement:
- The Web tier should be open to all and is allowed to serve requests on HTTPS only.
- Application tier can accept HTTPS requests only from the Web tier.
- The Data tier can be accessed only from Application tier.
- Developers should be allowed to connect to servers in Web tier or…
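The tier-to-tier rules above map naturally onto security groups that reference each other by group id rather than by CIDR, so that the Application tier is reachable only from instances in the Web tier group and the Data tier only from the Application tier group. The following is an added example, not code from the article: it models that three-tier design, renders each rule in the `IpPermissions` shape that boto3's `authorize_security_group_ingress` accepts, and checks the design against the stated requirements so that an over-permissive rule (here, a constructed drift that opens the Data tier to the whole VPC CIDR) is caught before deployment. Group names stand in for the `sg-…` ids AWS would assign, and the database port and VPC CIDR are constructed placeholders, since the article does not name the database engine.

```python
"""Three-tier security-group design checked against the stated policy.

Added example, not the article's own code. Group names stand in for the
security-group ids AWS would assign; the VPC CIDR, database engine and
port are constructed placeholders (assumptions).
"""
from dataclasses import dataclass, field
from typing import Optional

HTTPS = 443
DB_PORT = 5432  # assumption: the article does not name the database engine


@dataclass(frozen=True)
class Rule:
    """One ingress rule, sourced either from a CIDR block or from another group."""
    protocol: str
    from_port: int
    to_port: int
    cidr: Optional[str] = None       # e.g. "0.0.0.0/0" for the public Web tier
    source_sg: Optional[str] = None  # id of the security group allowed as source

    def is_only(self, port: int) -> bool:
        """True when the rule permits exactly one TCP port."""
        return self.protocol == "tcp" and self.from_port == self.to_port == port

    def to_ip_permission(self) -> dict:
        """Shape accepted by boto3 ec2.authorize_security_group_ingress(IpPermissions=[...])."""
        perm = {"IpProtocol": self.protocol, "FromPort": self.from_port, "ToPort": self.to_port}
        if self.cidr:
            perm["IpRanges"] = [{"CidrIp": self.cidr}]
        if self.source_sg:
            perm["UserIdGroupPairs"] = [{"GroupId": self.source_sg}]
        return perm


@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)


def design_tiers() -> dict:
    """Intended design: each tier is reachable only from the tier directly above it."""
    return {
        "web-sg": SecurityGroup("web-sg", [Rule("tcp", HTTPS, HTTPS, cidr="0.0.0.0/0")]),
        "app-sg": SecurityGroup("app-sg", [Rule("tcp", HTTPS, HTTPS, source_sg="web-sg")]),
        "data-sg": SecurityGroup("data-sg", [Rule("tcp", DB_PORT, DB_PORT, source_sg="app-sg")]),
    }


def drifted_design() -> dict:
    """Same design after a common mistake: the Data tier opened to the whole VPC CIDR."""
    groups = design_tiers()
    groups["data-sg"].ingress.append(
        Rule("tcp", DB_PORT, DB_PORT, cidr="10.0.0.0/16")  # constructed VPC CIDR
    )
    return groups


def check_policy(groups: dict) -> list:
    """Return one finding per ingress rule that violates the stated requirements."""
    findings = []
    for r in groups["web-sg"].ingress:
        if not r.is_only(HTTPS):                       # Web tier: HTTPS only
            findings.append(f"web-sg: ingress other than HTTPS: {r}")
    for r in groups["app-sg"].ingress:                 # App tier: HTTPS, from Web tier only
        if r.source_sg != "web-sg" or r.cidr is not None or not r.is_only(HTTPS):
            findings.append(f"app-sg: ingress not HTTPS from the Web tier: {r}")
    for r in groups["data-sg"].ingress:                # Data tier: from App tier only
        if r.source_sg != "app-sg" or r.cidr is not None:
            findings.append(f"data-sg: ingress not sourced from the App tier: {r}")
    return findings


if __name__ == "__main__":
    for label, groups in (("intended", design_tiers()), ("drifted", drifted_design())):
        print(label, "findings:", check_policy(groups) or "none")
    print(design_tiers()["app-sg"].ingress[0].to_ip_permission())
```

Running the module reports no findings for the intended design and one finding for the drifted one, naming the Data tier rule that is sourced from a CIDR instead of the Application tier group. The same `check_policy` can be pointed at rules read back from `describe_security_groups` to detect drift after deployment, not only at design time.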