
AWS Network & Security Configuration

Allocate Elastic IP address

An Elastic IP address is a public IPv4 address that you can allocate to your account. You can associate it with and disassociate it from instances as you require, and it remains allocated to your account until you choose to release it.

  1. Navigate to the EC2 dashboard.
  2. In the navigation pane under Network & Security choose Elastic IPs.
  3. Choose Allocate new address.
  4. On the Allocate new address page choose Allocate.

Create a Security Group

  1. Navigate to the EC2 dashboard.
  2. In the navigation pane under Network & Security choose Security Groups.
  3. Choose Create Security Group.
  4. Specify a name and description for the security group – e.g. [Security group name: SecureAccess] [Description: Allow access to ports 3389 and 443 from anywhere].
  5. For VPC, choose the VPC created in section 2.1.
  6. For SecureAccess two rules need to be created – one rule to allow RDP (port 3389) access to the server and the other to allow HTTPS (port 443) access.
  7. Select Inbound and choose Add Rule. For Type choose RDP. For Source choose Anywhere or choose Custom and enter specific IP addresses (in CIDR notation) to which RDP access is allowed.
  8. Repeat the step for the HTTPS rule; for Source select Anywhere.
  9. Choose Create.
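The two inbound rules above, expressed as the IpPermissions structure that boto3's ec2.authorize_security_group_ingress() accepts, with a small check that reports any port left open to 0.0.0.0/0 other than the client-facing HTTPS port. This is an added example, not code from the SecureAccess documentation or from AWS; the 203.0.113.0/24 admin range is a constructed sample and the function names, along with the apply_rules helper, are choices made here.

```python
"""Build and check the ingress rules for the SecureAccess security group.

Added example (not part of the SecureAccess documentation or AWS tooling).
The permission dictionaries follow the shape boto3's
ec2.authorize_security_group_ingress() expects for IpPermissions;
apply_rules() is the only function that talks to AWS, so everything else
can be run and checked offline.
"""
import ipaddress

ANYWHERE = "0.0.0.0/0"   # what the console's "Anywhere" source maps to
RDP_PORT = 3389
HTTPS_PORT = 443


def _cidr(value: str) -> str:
    """Normalise an IPv4 CIDR; raises ValueError on host bits or bad syntax."""
    return str(ipaddress.IPv4Network(value, strict=True))


def ingress_rule(port: int, sources: list, description: str) -> dict:
    """One TCP ingress permission for `port` from each CIDR in `sources`."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": _cidr(s), "Description": description} for s in sources],
    }


def secureaccess_rules(rdp_sources=(ANYWHERE,), https_sources=(ANYWHERE,)) -> list:
    """The two rules the section describes: RDP (3389) and HTTPS (443).

    rdp_sources corresponds to the console's Source field: "Anywhere" is
    0.0.0.0/0, "Custom" is the list of admin CIDRs entered instead.
    """
    return [
        ingress_rule(RDP_PORT, list(rdp_sources), "SecureAccess RDP admin access"),
        ingress_rule(HTTPS_PORT, list(https_sources), "SecureAccess HTTPS client access"),
    ]


def world_exposed_ports(rules: list, expected_public=(HTTPS_PORT,)) -> list:
    """Return ports reachable from 0.0.0.0/0 that are not meant to be public.

    HTTPS is the client-facing service and is expected to be open; an RDP rule
    with an Anywhere source is what a reviewer of the group would want flagged.
    """
    exposed = []
    for rule in rules:
        open_to_world = any(r["CidrIp"] == ANYWHERE for r in rule["IpRanges"])
        if open_to_world and rule["FromPort"] not in expected_public:
            exposed.append(rule["FromPort"])
    return sorted(exposed)


def apply_rules(group_id: str, rules: list, region: str = "us-east-1") -> None:
    """Push the rules to an existing group. Needs boto3 and AWS credentials."""
    import boto3  # imported here so the rest of the module runs offline

    ec2 = boto3.client("ec2", region_name=region)
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=rules)


if __name__ == "__main__":
    # Constructed admin range for illustration; substitute your own CIDR.
    restricted = secureaccess_rules(rdp_sources=["203.0.113.0/24"])
    print("world-exposed (custom RDP source):", world_exposed_ports(restricted))  # []
    print("world-exposed (Anywhere RDP source):", world_exposed_ports(secureaccess_rules()))  # [3389]
```

Running the module prints which rules are open to the world under each Source choice; the same list structure can be handed to apply_rules() once the group exists.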

Create a Virtual Private Cloud (VPC)

In this step, you’ll use the Amazon VPC wizard in the Amazon VPC console to create a VPC. The wizard performs the following steps for you:

  1. Creates a VPC with a /16 IPv4 CIDR block (a network with 65,536 private IP addresses).
  2. Attaches an Internet gateway to the VPC.
  3. Creates a /24 IPv4 subnet (a range of 256 private IP addresses) in the VPC.
  4. Creates a custom route table and associates it with your subnet, so that traffic can flow between the subnet and the Internet gateway.

To create a VPC using the Amazon VPC wizard

  1. Log in to the AWS Management Console.
  2. Open the Amazon VPC console listed in AWS Services under Networking and Content Delivery.
  3. In the navigation bar, on the top-right, take note of the region in which you are creating the VPC. Ensure that you continue working in the same region as you cannot launch an instance into your VPC from a different region.
  4. Choose Start VPC Wizard.
  5. In the “Step 1: Select a VPC Configuration” wizard choose the option that suits your network requirement, and choose Select.

Note: Select “VPC with Public and Private Subnets” if you plan to allow SecureAccess clients access to resources in the Private Subnet of the VPC in AWS. Select “VPC with Public and Private Subnets and Hardware VPN Access” if you plan to allow SecureAccess clients access to your corporate network.

  6. In the Step 2 wizard, configure the VPC, public and private IPv4 CIDR blocks. (Note: Refer to the section “Setting up a test scenario” for detailed steps.)
  7. For VPC name, Public subnet name and Private subnet name, you can name your VPC and subnets to help you identify them later in the console. You can specify your own IPv4 CIDR block range for the VPC and subnets, or you can leave the default values.
  8. If you selected “VPC with Public and Private Subnets and Hardware VPN Access” in step 5, refer to the Amazon VPC User Guide for details on how to configure the VPN connection between AWS and your corporate network gateway.
  9. If you selected “VPC with Public and Private Subnets” in step 5, there are two options for Elastic IP Allocation ID:
     a. Use the default NAT gateway that is created in the public subnet.
     b. Use a NAT instance that is created based on the instance type that you select.

For option (a) you must specify an Elastic IP address for your NAT gateway; if you don’t have one, you must first allocate one to your account. If you want to use an existing Elastic IP address, ensure that it’s not currently associated with another instance or network interface. Refer to section 2.1 for details on how to allocate an Elastic IP address.

For option (b) select the NAT instance type. The instance is created automatically.

  10. Choose Create VPC. Navigate to Your VPCs in the VPC dashboard and verify the details.
  11. If you selected “VPC with Public and Private Subnets” in step 5, a security group has to be created to allow traffic from the private subnet to the public subnet. Follow the steps in section 2.2 to create the security group. For Type select All Traffic and for Source enter the private subnet’s CIDR block.
  12. Go to the EC2 Instances view and select the NAT instance (it should be the one without a name). Assign a name to the NAT instance for easier identification. From the Actions menu choose Networking -> Change Security Groups. Check the security group and choose Assign Security Groups.
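The CIDR plan the wizard asks for (a /16 VPC with /24 public and private subnets) can be checked before any fields are filled in, and the All Traffic rule for the NAT instance’s security group described above can be built from the same private-subnet CIDR. This is an added example, not code from the SecureAccess documentation or from AWS; the 10.0.0.0/16 plan is a constructed sample and the function names are choices made here.

```python
"""Validate a VPC/subnet CIDR plan and build the NAT security group rule.

Added example (not part of the SecureAccess documentation or AWS tooling).
The defaults mirror the sizes the wizard creates: a /16 VPC with /24 public
and private subnets. The rule dictionary follows the IpPermissions shape
that boto3's ec2.authorize_security_group_ingress() takes.
"""
import ipaddress

# AWS reserves the first four and the last address of every subnet (network
# address, VPC router, DNS, one reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def _block(cidr: str, what: str) -> ipaddress.IPv4Network:
    """Parse a CIDR and enforce the /16 to /28 range AWS allows for VPCs and subnets."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{what} prefix must be /16 to /28, got /{net.prefixlen}")
    return net


def check_plan(vpc_cidr: str, public_cidr: str, private_cidr: str) -> dict:
    """Check containment and non-overlap; return address counts for the plan.

    Raises ValueError with a specific message for each mistake the wizard
    would otherwise reject only after every field has been filled in.
    """
    vpc = _block(vpc_cidr, "VPC")
    public = _block(public_cidr, "public subnet")
    private = _block(private_cidr, "private subnet")

    for name, subnet in (("public", public), ("private", private)):
        if not subnet.subnet_of(vpc):
            raise ValueError(f"{name} subnet {subnet} is not inside VPC {vpc}")
    if public.overlaps(private):
        raise ValueError(f"public {public} and private {private} overlap")

    return {
        "vpc_addresses": vpc.num_addresses,
        "public_usable": public.num_addresses - AWS_RESERVED_PER_SUBNET,
        "private_usable": private.num_addresses - AWS_RESERVED_PER_SUBNET,
    }


def nat_ingress_rule(private_cidr: str) -> dict:
    """Inbound rule for the NAT instance's group: All Traffic from the private subnet.

    IpProtocol "-1" is how the EC2 API spells the console's "All Traffic" type;
    restricting Source to the private subnet keeps the NAT instance from
    forwarding for anything outside the VPC.
    """
    cidr = str(ipaddress.IPv4Network(private_cidr, strict=True))
    return {
        "IpProtocol": "-1",
        "IpRanges": [{"CidrIp": cidr, "Description": "Private subnet to NAT instance"}],
    }


if __name__ == "__main__":
    # Constructed plan using the wizard's default-sized blocks.
    print(check_plan("10.0.0.0/16", "10.0.0.0/24", "10.0.1.0/24"))
    print(nat_ingress_rule("10.0.1.0/24"))
```

The address counts reported match the wizard’s description (65,536 addresses in the /16), minus the five addresses AWS reserves in each subnet, so the usable count is what you can actually assign to instances.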