List of landing zone components

The following components are used in this sample deployment:

1. VPC with three subnets (private, protected, and public). The sample deployment uses a single availability zone, but ideally one should use a multi-AZ deployment.

2. An application server deployed in the private subnet (EC2 instance with NGINX)

3. NAT gateway to allow the app server instances to access the internet without a public IP assignment

4. Internet Gateway to allow access to and from the Internet

5. Network Load Balancer for exposing an application deployed in a private subnet

6. Firewall in a public subnet and associated rules to control both ingress and egress traffic

7. The routing component controls all traffic and forces all egress and ingress traffic to be inspected by the AWS firewall
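The following added example (not part of the sample deployment's templates) shows one way to check the egress half of item 7: it follows default routes hop by hop from the private subnet and reports whether an internet gateway is reached without crossing the firewall endpoint. The route-table data is constructed in the shape of `aws ec2 describe-route-tables` output; all IDs, the subnet each hop sits in, and the function names are assumptions.

```python
# Constructed sample, trimmed to the fields used from `aws ec2 describe-route-tables`.
# Every ID and the subnet placement of each hop are assumptions, not the page's values.
def table(subnet, **target):
    return {"Associations": [{"SubnetId": subnet}],
            "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", **target}]}

INSPECTED = [table("subnet-private", NatGatewayId="nat-0aaa"),
             table("subnet-protected", GatewayId="vpce-0fff"),
             table("subnet-public", GatewayId="igw-0ccc")]
# Same layout, but the protected subnet's default route skips the firewall endpoint.
BYPASSING = [INSPECTED[0], table("subnet-protected", GatewayId="igw-0ccc"), INSPECTED[2]]
HOSTED_IN = {"nat-0aaa": "subnet-protected", "vpce-0fff": "subnet-public"}
FIREWALL_ENDPOINTS = {"vpce-0fff"}

def default_target(route_tables, subnet_id):
    """Return the 0.0.0.0/0 target of the route table associated with subnet_id."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            for route in rt.get("Routes", []):
                if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def egress_path(route_tables, hosted_in, subnet_id):
    """Follow default routes from subnet_id until the path leaves the VPC or loops."""
    path, seen = [], set()
    while subnet_id and subnet_id not in seen:
        seen.add(subnet_id)
        target = default_target(route_tables, subnet_id)
        if target is None:
            break
        path.append(target)
        subnet_id = hosted_in.get(target)  # None once the target is the internet gateway
    return path

def bypasses_firewall(path, firewall_endpoints):
    """True if an internet gateway is reached before any firewall endpoint."""
    for hop in path:
        if hop in firewall_endpoints:
            return False
        if hop.startswith("igw-"):
            return True
    return False  # no route to the internet at all

if __name__ == "__main__":
    for name, tables in (("inspected", INSPECTED), ("bypassing", BYPASSING)):
        path = egress_path(tables, HOSTED_IN, "subnet-private")
        print(name, " -> ".join(path), "BYPASS" if bypasses_firewall(path, FIREWALL_ENDPOINTS) else "ok")
```

The ingress direction (the internet gateway's edge-associated route table) is not covered by this check and needs its own review.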

Note – Besides the model depicted in this sample deployment, you can refer to other potential models for securing your infrastructure using AWS Firewall. The following link provides a good summary of all the potential models. We have created templates for each of the models. You can reach out to us if you need to use and/or deploy these templates using QMCLOUD.

https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/
