ASSIGNMENT NO.

4
Name: Anish Joshirao
PRN No:121B1D054
Sub: Cloud Computing Lab

Title of Assignment:
Configure various networking and security services to ensure the optimal performance,
reliability, and security of a networked environment. The tasks include configuring
network devices, managing network services, implementing security protocols, and
ensuring the confidentiality, integrity, and availability of data across the network.

Outcome / Learning objectives:

The objective of this assignment is to configure and manage various networking and security
services to ensure optimal performance, reliability, and security of a networked environment.
The tasks include:
● Configuring network devices such as Virtual Private Cloud (VPC), subnets, and route
tables.
● Managing network services, including DNS, VPN, and Internet Gateways (IGW).
● Implementing security protocols by configuring Security Groups, Network Access
Control Lists (NACLs), and VPN connections.
● Ensuring the confidentiality, integrity, and availability of data across the network.
● Understanding best practices for cloud networking, ensuring secure communication,
and maintaining a high level of performance and scalability.

Theory:
1. Introduction:
Cloud computing refers to delivering computing services like servers, storage, databases,
networking, software, and more over the internet (the "cloud"). Amazon Web Services
(AWS) is a leading cloud platform offering a comprehensive range of services that enable
businesses and developers to build scalable, reliable, and secure applications in the cloud.
In cloud computing, networking is crucial for ensuring various resources communicate
seamlessly with each other and with on-premises infrastructure. Security, on the other hand,
ensures that these resources are protected from unauthorized access, maintaining data
confidentiality and application integrity.
This assignment focuses on configuring AWS networking and security services to optimize
performance, reliability, and security within a cloud environment. Key tasks include setting
up cloud networking components (e.g., Virtual Private Cloud, security groups, and VPNs)
and configuring cloud-native security services such as AWS Identity and Access
Management (IAM), AWS Shield, and AWS Web Application Firewall (WAF).
1. Networking Configuration in AWS
AWS offers powerful tools for creating and managing virtual networks, providing isolated
environments, subnets, and gateways. Key AWS networking services include:
o Virtual Private Cloud (VPC): Enables the creation of isolated network
environments, allowing for IP address range definition, subnet configuration,
and route table management.
▪ Subnets: You can set up public and private subnets within a VPC,
isolating services based on security requirements, such as public
subnets for web servers and private subnets for backend services.
▪ Route Tables & Internet Gateways (IGW): Route tables manage traffic
flow between subnets, while IGWs allow communication between
VPC instances and the internet.
o Elastic IP (EIP): A static IPv4 address that can be assigned to an EC2
instance, providing a persistent public IP that remains the same even after
restarts.
o VPC Peering: Allows private connectivity between two VPCs, enabling
seamless communication across resources in different VPCs.
o AWS Direct Connect: Provides a dedicated private connection between on-
premises data centers and AWS, offering enhanced security and reliability.
2. Security Configuration in AWS
AWS security involves identity management, access control, encryption, and monitoring.
Key security services include:
o AWS Identity and Access Management (IAM): Manages user access to
AWS resources with users, groups, and roles, adhering to the principle of least
privilege.
▪ IAM Policies: Specify permissions for actions on AWS resources.
▪ IAM Roles: Assign permissions to AWS services or users (e.g.,
granting EC2 instances access to an S3 bucket).
o Security Groups & Network ACLs (Access Control Lists):
▪ Security Groups: Serve as virtual firewalls for EC2 instances,
managing inbound and outbound traffic by IP address, port, or range.
▪ Network ACLs: Provide subnet-level traffic control and offer an
additional layer of security. Unlike security groups, they are stateless
and require both inbound and outbound rules.
 o AWS Key Management Service (KMS): Manages encryption keys for
securing data across AWS resources, including S3, EBS, and RDS.
o AWS Web Application Firewall (WAF): Protects web applications from
threats like SQL injection, cross-site scripting (XSS), and distributed denial-
of-service (DDoS) attacks by blocking malicious traffic.
o AWS Shield: Managed DDoS protection service with two tiers—Standard
(free) and Advanced (premium), providing enhanced visibility and protection
against attacks.
o VPC Flow Logs: Capture and record information about traffic within a VPC,
assisting in security monitoring and threat analysis.
3. VPN and Hybrid Cloud Security
o AWS Site-to-Site VPN: Connects on-premises data centers to AWS VPCs
through an encrypted VPN, supporting secure communication in hybrid cloud
environments where cloud resources and on-premises infrastructure are
integrated.
o AWS Client VPN: Enables remote users (e.g., employees working remotely)
to securely access AWS VPC resources. It supports OpenVPN-based clients,
creating a secure tunnel to access AWS resources, such as EC2 instances.
o Transit Gateway: A fully managed central hub that connects multiple VPCs
and on-premises networks, simplifying network architecture and management,
particularly in larger environments with multiple VPCs that need to
communicate.

Implementation/ Snapshot:
Security Groups

Inbound rules for incoming requests

Networking Details
CONCLUSION:
In this lab assignment, configuring various networking and security services on AWS provided
valuable hands-on experience in building secure, scalable, and highly available cloud
environments. By setting up key services like VPC, IAM, security groups, VPNs, and leveraging
AWS’s native security tools such as AWS WAF and Shield, I gained insight into how to
safeguard cloud applications and networks while maintaining optimal performance.
Additionally, integrating on-premises systems with cloud resources using VPNs and Direct
Connect emphasized the role of secure networking in hybrid cloud architectures. As cloud
computing advances, mastering these AWS services is essential for designing secure, reliable,
and cost-effective cloud infrastructures. This experience will be crucial for developing robust
applications in professional cloud environments.