Update Security Groups Automatically Using AWS Lambda



1 hour, Credits: 10

Self-Paced Lab

SPL-149 Version 1.3.5

© 2021 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. All trademarks are the property of their owners.

Corrections, feedback, or other questions? Contact us at AWS Training and Certification.

Lab Overview

Security is a top priority for Amazon Web Services (AWS). AWS provides many tools and services to meet your unique security needs. This lab presents a solution (one of many) to enhance your security. The lab walks you through a method to automatically update your Amazon Virtual Private Cloud (Amazon VPC) security groups to only allow access from Amazon CloudFront and AWS WAF. Defining security group rules this way prevents malicious requests from bypassing AWS WAF security rules and accessing your Amazon Elastic Compute Cloud (Amazon EC2) instances directly.

To only allow traffic that originates from the CloudFront and AWS WAF IP range, you need to be informed of AWS IP changes. AWS notifies users of service IP changes through a public Amazon Simple Notification Service (Amazon SNS) topic that gives service IP ranges in JSON format. Using the integration between Amazon SNS and AWS Lambda, this lab demonstrates a way to automatically update security groups with these new IPs.
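The core of the mechanism described above is a Lambda function that receives the SNS notification, extracts the CloudFront prefixes from the published IP-range JSON, and reconciles them against what the security group currently allows. The following is an added example written for this page, not the lab's own function: it assumes a constructed payload in the shape of AWS's public ip-ranges.json (the prefixes are documentation addresses, not real CloudFront ranges), and it simplifies the SNS message to carry the ranges JSON directly so that it runs offline, whereas the real notification points to where the file can be downloaded. The `plan_from_notification` function and the `current_cidrs` argument are assumptions for illustration; the actual authorize/revoke calls against EC2 are left to the caller.

```python
import json
import ipaddress

# Constructed sample payload in the shape of ip-ranges.json (assumption: the real feed
# has many more entries; these prefixes are reserved documentation ranges, not AWS ranges).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
        # The same prefix is often listed under AMAZON as well; the service filter handles that.
        {"ip_prefix": "198.51.100.0/25", "region": "GLOBAL", "service": "AMAZON"},
    ],
})


def service_prefixes(ip_ranges_json, service="CLOUDFRONT"):
    """Return the set of IPv4 CIDRs published for `service`, each validated as a network.

    A malformed prefix raises ValueError so a bad feed is rejected as a whole rather
    than partially applied to the security group.
    """
    data = json.loads(ip_ranges_json)
    result = set()
    for entry in data.get("prefixes", []):
        if entry.get("service") != service:
            continue
        # strict=True rejects host bits set in the prefix (e.g. 203.0.113.5/24).
        net = ipaddress.ip_network(entry["ip_prefix"], strict=True)
        result.add(str(net))
    return result


def plan_rule_changes(current_cidrs, desired_cidrs):
    """Compute the CIDRs to authorize and to revoke so the group matches the feed exactly.

    Revoking stale ranges matters as much as adding new ones: an address block AWS no
    longer uses for CloudFront could be reassigned to someone else.
    """
    current = set(current_cidrs)
    desired = set(desired_cidrs)
    return {
        "authorize": sorted(desired - current),
        "revoke": sorted(current - desired),
    }


def plan_from_notification(sns_event, current_cidrs):
    """Lambda-style entry point (assumed name) for an SNS-triggered invocation.

    SNS delivers the notification body under Records[0].Sns.Message. In this example
    (assumption) the body is the ranges JSON itself; the real topic's message instead
    tells the function where to fetch the current ip-ranges.json.
    """
    message = sns_event["Records"][0]["Sns"]["Message"]
    desired = service_prefixes(message)
    return plan_rule_changes(current_cidrs, desired)


if __name__ == "__main__":
    # Constructed SNS event wrapping the sample payload.
    event = {"Records": [{"Sns": {"Message": SAMPLE_IP_RANGES}}]}
    # Pretend the group currently allows one CloudFront range and one stale range.
    print(plan_from_notification(event, {"203.0.113.0/24", "192.0.2.0/24"}))
```

The plan returned by `plan_from_notification` is the input to the EC2 authorize/revoke calls; keeping the diff computation separate from those calls makes it easy to test the function with sample events, which is exactly what the lab's "test with sample events" step exercises.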

Topics Covered

After completing this lab, you should be able to:

  • Create Amazon VPC security groups
  • Create an AWS Identity and Access Management (IAM) policy
  • Create an AWS Lambda function
  • Test a Lambda function with sample events
  • Subscribe the Lambda function to an Amazon SNS topic

Technical Knowledge Prerequisites

This lab is intended for AWS learners. To successfully complete this lab, you should be familiar with AWS services including Amazon EC2, Amazon VPC security groups, IAM roles and policies, and Amazon SNS. You should be comfortable logging in to and using the AWS Management Console.
