Overview

This document gives an overview of the AWS components required to provision a SecureAccess server and of the detailed deployment steps needed to complete the setup.

AWS Account

If you haven't already created an account, set up an AWS account so that you can use the various AWS resources needed to provision the Celestix SecureAccess server. Once you have completed the account setup, you will be presented with the AWS Management Console.

Virtual Private Cloud

Amazon Virtual Private Cloud (VPC) is the networking layer for Amazon EC2. A Virtual Private Cloud is a virtual network logically isolated from other virtual networks in the AWS cloud.

  • You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
  • You can configure your VPC by modifying its IP address range, creating subnets, and configuring route tables, network gateways, and security settings.

A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won’t be connected to the internet.

If your account supports the EC2-VPC platform only, it comes with a default VPC that has a default subnet in each Availability Zone. If you have a default VPC and don’t specify a subnet when you launch an instance, the instance is launched into your default VPC. You can launch instances into your default VPC without needing to know anything about Amazon VPC.

You can create your own VPC, and configure it as you need. This is known as a nondefault VPC. This gives you complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. Subnets that you create in your nondefault VPC and additional subnets that you create in your default VPC are called nondefault subnets.

Internet Gateway

An internet gateway enables your instances to connect to the internet through the Amazon EC2 network edge. You control how the instances that you launch into a VPC access resources outside the VPC.

Your default VPC includes an internet gateway, and each default subnet is a public subnet. Each instance that you launch into a default subnet has a private IPv4 address and a public IPv4 address. These instances can communicate with the internet through the internet gateway.

Elastic IP addresses

An Elastic IP address is a static public IPv4 address associated with your AWS account and reachable from the Internet. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. The public DNS hostname resolves to the public IPv4 address or the Elastic IP address of the instance outside the network of the instance and to the private IPv4 address of the instance from the network of the instance.

Security Groups

A security group acts as a virtual firewall for your instance, controlling inbound and outbound traffic. When you launch an instance, you can assign up to five security groups to it. A security group acts at the instance level, not the subnet level. If you don't specify a security group at launch time, the instance is automatically assigned to the default security group for the VPC. When you create a security group, it has no inbound rules, so no traffic is allowed to the instance until inbound rules are added.

NAT Gateway or NAT instance

AWS offers two kinds of NAT devices: a NAT gateway or a NAT instance. A NAT gateway is a managed service that requires no administration on your part. A NAT instance is launched from a NAT AMI and requires basic settings to be configured. A NAT device is required only if resources in a private subnet need to connect to the internet, for example in the scenario where you create a VPC with public and private subnets.