QMCLOUD
  • What is QMCLOUD
  • Overview
    • Component Details
    • Security and RBAC
    • Dependencies
  • Architecture
  • Main features
  • Installation and Configuration
    • QMCLOUD SaaS
      • SaaS Registration
    • AWS Marketplace
    • Self-hosting
  • User Interface and Navigation
    • Main menu
    • Dashboard
    • General action buttons
    • Stack and Canvas
    • Stack Details
  • Getting started
    • Pre-requisites
    • Login to QMCLOUD
    • Create organization
    • Add Role
    • Add User
    • Add Components
    • Add Stack Profile
    • Add Workspace
    • Add Stack
    • Compose Infrastructure Using the Canvas
    • Add AWS Vpc
    • Add Subnets
    • Connect VPC and Subnets
    • Save Canvas State
    • Deploy the Infrastructure
  • AI Copilot
    • Example deployment using AI Copilot
    • AI Copilot pre-defined prompts
  • Additional resources
    • Explainer video
    • Short video on AI Copilot
    • Quick walkthrough videos
    • Walkthrough of deployment of AWS EKS
  • Examples
    • Deploy AWS Firewall and Networking with QMCLOUD
      • Application and landing zone components
      • List of landing zone components
      • Deployment steps
      • VPC configuration details
      • Routing configuration details
      • Firewall configuration
      • Additional components configuration
    • Securing applications in AWS using Palo Alto firewall
  • Templates
    • AWS Landing Zone
    • AWS EKS
    • Azure Web App
Powered by GitBook
On this page

Was this helpful?

  1. Examples
  2. Deploy AWS Firewall and Networking with QMCLOUD

List of landing zone components

The following is a list of components that are used in this sample deployment

PreviousApplication and landing zone componentsNextDeployment steps

Last updated 2 years ago

Was this helpful?

1. VPC with three subnets (private, protected, and public). The sample deployment uses a single availability zone but ideally one should use multi-AZ deployment

2. An application server deployed in the private subnet (EC2 instance with NGINX)

3. NAT gateway to allow the app server instances to access the internet without a public IP assignment

4. Internet Gateway to allow access to and from the Internet

5. Network load Balancer for exposing an application deployed in a private subnet

6. Firewall in a public subnet and associated rules to control both ingress and egress traffic

7. The routing component controls all traffic and forces all egress and ingress traffic to be inspected by the AWS firewall

Note – Besides the model depicted in this sample deployment, you can refer to other potential models for securing your infrastructure using AWS Firewall. The following link provides a good summary of all the potential models. We have created templates for each of the models. You can reach out to use if you a need to use and/or deploy these templates using QMCLOUD.

https://aws.amazon.com/blogs/networking-and-content-delivery/deployment-models-for-aws-network-firewall/