{"id":3053,"date":"2019-08-31T11:39:14","date_gmt":"2019-08-31T11:39:14","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=3053"},"modified":"2020-05-01T11:26:13","modified_gmt":"2020-05-01T11:26:13","slug":"egress-only","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/","title":{"rendered":"Egress only"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Ingress means traffic entering a device or network<\/li><li>Egress means traffic leaving a device or network<\/li><li>Traffic enters a network or device on an ingress interface and leaves on an egress interface<\/li><li>Egress-only control permits outbound traffic while blocking unsolicited inbound traffic<\/li><li>Egress control is needed because of<ul><li>the risk that an internal host communicates with an unauthorized external host (for example, data exfiltration or a malware call-back)<\/li><\/ul><\/li><li>Egress control in an AWS VPC can be implemented with several capabilities, described below<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"357\" height=\"252\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-150.png\" alt=\"\" class=\"wp-image-3740\"\/><\/figure><\/div>\n\n\n\n<p><strong>Subnet-Level Routing Rules<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Each subnet in a VPC is associated with a route table (several subnets can share one)<\/li><li>Route tables specify the rules that control how traffic is routed into and out of the VPC<\/li><li>Every subnet can have different routing rules. 
<\/li><li>During VPC subnet design, separate the public-facing EC2 instances that need direct internet access from everything else<\/li><li>Public-facing instances usually include<ul><li>public load balancers<\/li><li>proxy servers<\/li><li>network gateways<\/li><\/ul><\/li><li>Non-public-facing instances<ul><li>should have no direct internet access<\/li><li>should sit in private subnets<\/li><li>should have their egress routed to an outbound gateway (for example a NAT gateway or an egress proxy) whose route table and filtering rules decide what may leave<\/li><li>usually include<ul><li>application servers<\/li><li>database servers<\/li><\/ul><\/li><\/ul><\/li><\/ul>\n\n\n\n<p><strong>Security Groups<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A security group acts as a virtual firewall for the inbound and outbound traffic of a resource in the VPC<\/li><li>It is stateful: return traffic for an allowed connection is permitted automatically<\/li><li>It acts at the instance (network interface) level only<\/li><li>It does not apply to a subnet<\/li><li>By default up to five security groups can be attached to an instance (a per-interface quota that can be raised)<\/li><li>Instances in the same subnet can be assigned different security groups<\/li><li>An instance launched without a security group gets the default security group of the VPC<\/li><li>Security groups contain only allow rules, never deny rules: anything not explicitly allowed is dropped<\/li><li>They are attached to network interfaces such as eth0, not to the instance itself<\/li><li>The security groups on an interface can be changed at any time<\/li><\/ul>\n\n\n\n<p><strong>Network ACLs<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A network ACL is an ordered list of rules<\/li><li>Each rule is numbered, and rules are evaluated in ascending number order; the first matching rule decides<\/li><li>The highest usable rule number is 32766<\/li><li>Every VPC has a default network ACL, which can be modified<\/li><li>The default network ACL allows all inbound and outbound IPv4 and IPv6 traffic. 
<\/li><li>A network ACL is associated with a subnet and filters all traffic entering or leaving that subnet<\/li><li>A newly created custom network ACL denies all inbound and outbound traffic until rules are added<\/li><li>Every subnet is associated with exactly one network ACL<\/li><li>One network ACL can be associated with multiple subnets<\/li><li>A network ACL rule consists of<ul><li>a rule number<\/li><li>a protocol<\/li><li>a source CIDR and port range (inbound rules) or a destination CIDR and port range (outbound rules)<\/li><li>ALLOW or DENY<\/li><\/ul><\/li><li>Every network ACL ends with a rule numbered \u2018*\u2019 that denies any traffic not matched by a numbered rule<\/li><li>Network ACLs are stateless: return traffic must be explicitly allowed by a rule in the opposite direction, typically one covering the ephemeral port range<\/li><li>The example below allows traffic from the PC with IP address 172.31.1.2\/32<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"611\" height=\"354\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-151.png\" alt=\"\" class=\"wp-image-3742\"\/><\/figure>\n\n\n\n<p><strong>VPC Flow Logs<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A VPC feature that captures metadata about the IP traffic going to and from network interfaces in a VPC (addresses, ports, protocol, packet and byte counts and the ACCEPT or REJECT action, not packet payloads)<\/li><li>Log data is delivered to CloudWatch Logs (Amazon S3 is also a supported destination)<\/li><li>A flow log can be created at three levels &#8211; VPC, subnet or network interface<\/li><li>The log data can also be streamed on to other AWS services for analysis<\/li><li>Flow logs could not be tagged when they were introduced; the current API accepts tags at creation time<\/li><li>Once created, a flow log cannot be modified; to change it, delete it and create a new one<\/li><li>Not all IP traffic is captured: traffic to the Amazon DNS server, DHCP traffic and instance metadata requests to 169.254.169.254 are among the exclusions<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Ingress refers to enter in device or property Egress refers to leave a device or property. 
Data flows enter network or device by ingress interface and leave by egress interface Egress allows only outbound traffic Egress only is needed to Risk of internal user communicate with unauthorized external host Egress control in AWS VPC can&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2474,"menu_order":29,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,530],"class_list":["post-3053","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-egress-only"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Egress only - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Egress only - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Ingress refers to enter in device or property Egress refers to leave a device or property. 
Data flows enter network or device by ingress interface and leave by egress interface Egress allows only outbound traffic Egress only is needed to Risk of internal user communicate with unauthorized external host Egress control in AWS VPC can...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T11:26:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-150.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/\",\"name\":\"Egress only - Testprep Training 
Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-31T11:39:14+00:00\",\"dateModified\":\"2020-05-01T11:26:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Security Specialty\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Egress only\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep 
Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Egress only - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/","og_locale":"en_US","og_type":"article","og_title":"Egress only - Testprep Training Tutorials","og_description":"Ingress refers to enter in device or property Egress refers to leave a device or property. Data flows enter network or device by ingress interface and leave by egress interface Egress allows only outbound traffic Egress only is needed to Risk of internal user communicate with unauthorized external host Egress control in AWS VPC can...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-01T11:26:13+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-150.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/","name":"Egress only - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-31T11:39:14+00:00","dateModified":"2020-05-01T11:26:13+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/egress-only\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Security Specialty","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/"},{"@type":"ListItem","position":3,"name":"Egress only"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep 
Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=3053"}],"version-history":[{"count":4,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3053\/revisions"}],"predecessor-version":[{"id":5141,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3053\/revisions\/5141"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2474"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=3053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=3053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=3053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
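The Security Groups and Network ACLs sections of the page above state the evaluation rules (ascending rule-number order with first match winning, the implicit '*' deny, stateless NACLs versus stateful, allow-only security groups) without showing their consequences. The following is an added example, not code from the page's author or from AWS: it models those rules in Python and runs a few constructed rule sets through them, including the page's own 172.31.1.2/32 host rule, a block-list rule numbered after the allow it is meant to override, and an outbound NACL that forgets the ephemeral port range. All rule sets and addresses (documentation ranges 203.0.113.0/24, 198.51.100.0/24) are constructed for the example.

```python
"""Evaluation model for AWS VPC network ACLs and security groups.

Added illustration, not AWS code. The rule sets are constructed for the
example; the evaluation semantics are the ones the page describes: NACL rules
are checked in ascending rule-number order and the first match decides, an
implicit '*' rule denies everything else, NACLs are stateless, and a security
group holds allow rules only and is stateful.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class NaclRule:
    number: int             # 1..32766; the '*' catch-all is implicit
    protocol: str           # "tcp", "udp", "icmp" or "all"
    cidr: str               # source CIDR (inbound) or destination CIDR (outbound)
    ports: Tuple[int, int]  # inclusive port range, ignored for "all" and "icmp"
    action: str             # "allow" or "deny"

    def __post_init__(self) -> None:
        if not 1 <= self.number <= 32766:
            raise ValueError("NACL rule numbers must be between 1 and 32766")


@dataclass(frozen=True)
class SgRule:
    protocol: str
    cidr: str
    ports: Tuple[int, int]


def _matches(protocol: str, cidr: str, ports: Tuple[int, int],
             pkt_proto: str, pkt_ip: str, pkt_port: int) -> bool:
    """Does one rule's protocol/CIDR/port triple match a packet?"""
    if protocol not in ("all", pkt_proto):
        return False
    if ipaddress.ip_address(pkt_ip) not in ipaddress.ip_network(cidr, strict=False):
        return False
    if protocol in ("tcp", "udp"):
        return ports[0] <= pkt_port <= ports[1]
    return True


def nacl_decision(rules: List[NaclRule], proto: str, ip: str, port: int) -> str:
    """First matching rule in ascending number order wins; otherwise '*' denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.protocol, rule.cidr, rule.ports, proto, ip, port):
            return rule.action
    return "deny"


def sg_allows(rules: List[SgRule], proto: str, ip: str, port: int) -> bool:
    """Security groups have no deny rules and no ordering: any allow rule suffices."""
    return any(_matches(r.protocol, r.cidr, r.ports, proto, ip, port) for r in rules)


def tcp_session_ok(nacl_in, nacl_out, sg_in, client_ip, client_port, server_port):
    """Model one TCP session from an external client to an instance.

    The SYN must pass the subnet's inbound NACL and the instance's security
    group. The reply (server -> client ephemeral port) is allowed by the
    stateful security group automatically, but the stateless NACL needs an
    explicit outbound rule for it. Returns (ok, reason).
    """
    if nacl_decision(nacl_in, "tcp", client_ip, server_port) != "allow":
        return False, "inbound NACL denied the SYN"
    if not sg_allows(sg_in, "tcp", client_ip, server_port):
        return False, "security group has no matching allow rule"
    if nacl_decision(nacl_out, "tcp", client_ip, client_port) != "allow":
        return False, "outbound NACL denied the return traffic (NACLs are stateless)"
    return True, "session allowed"


# Constructed rule sets (documentation address ranges); 172.31.1.2/32 is the
# single host from the page's own example.
INBOUND_NACL = [
    NaclRule(90, "tcp", "203.0.113.0/24", (443, 443), "deny"),   # block-list, numbered first
    NaclRule(100, "tcp", "0.0.0.0/0", (443, 443), "allow"),
    NaclRule(200, "all", "172.31.1.2/32", (0, 65535), "allow"),  # the page's example host
]
INBOUND_NACL_BAD_ORDER = [                                       # deny numbered too late to fire
    NaclRule(100, "tcp", "0.0.0.0/0", (443, 443), "allow"),
    NaclRule(110, "tcp", "203.0.113.0/24", (443, 443), "deny"),
]
OUTBOUND_NACL_OK = [NaclRule(100, "tcp", "0.0.0.0/0", (1024, 65535), "allow")]  # replies to ephemeral ports
OUTBOUND_NACL_NO_EPHEMERAL = [NaclRule(100, "tcp", "0.0.0.0/0", (443, 443), "allow")]
SG_INBOUND = [SgRule("tcp", "0.0.0.0/0", (443, 443))]

if __name__ == "__main__":
    print(nacl_decision(INBOUND_NACL, "tcp", "203.0.113.9", 443))            # deny
    print(nacl_decision(INBOUND_NACL_BAD_ORDER, "tcp", "203.0.113.9", 443))  # allow: rule 100 wins
    print(tcp_session_ok(INBOUND_NACL, OUTBOUND_NACL_NO_EPHEMERAL, SG_INBOUND,
                         "198.51.100.7", 51515, 443))
```

The two rule sets INBOUND_NACL and INBOUND_NACL_BAD_ORDER contain the same two rules; only the numbering differs, and that alone decides whether the block-list is enforced. The last call shows the stateless caveat: the SYN is accepted by both the NACL and the security group, yet the session fails because the outbound NACL never allows the reply to the client's ephemeral port.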
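The VPC Flow Logs section of the page describes what a flow log captures but not how the records are used to catch the risk the page opens with, an internal host talking to an unauthorized external host. The following is an added example, not code from the page's author or from AWS: it parses records in the default (version 2) flow log field order and flags ACCEPTed flows from the internal range to destinations outside an egress allow-list, while skipping inbound flows, internal-to-internal flows, REJECTed flows (where a security group or NACL already did its job) and NODATA records. The internal range 10.0.0.0/8, the allow-list 198.51.100.0/24 and every log line are constructed for the example.

```python
"""Detect unauthorized egress in VPC Flow Log records.

Added illustration, not AWS code. It parses records in the default (version 2)
flow log format and flags ACCEPTed flows from internal hosts to destinations
outside an egress allow-list. The internal range, the allow-list and the log
lines below are constructed for the example (documentation addresses only).
"""
import ipaddress
from collections import Counter
from typing import Dict, Iterable, List

# Field order of the default flow log record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

PROTOCOL_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}

# Assumed addressing: the VPC uses 10.0.0.0/8; only 198.51.100.0/24 (standing
# in for an approved external service) may be reached from inside.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample records.
SAMPLE_LOG_LINES = [
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.15 198.51.100.23 49152 443 6 10 8400 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.15 203.0.113.77 49153 4444 6 25 31000 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.15 203.0.113.77 49154 4444 6 3 180 1600000060 1600000120 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.15 40001 443 6 5 400 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.2.8 10.0.1.15 52000 5432 6 40 9000 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.15 192.0.2.10 53001 53 17 2 160 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1600000120 1600000180 - NODATA",
]


def parse_record(line: str) -> Dict[str, str]:
    """Split one default-format record into named fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


def _in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def _egress_records(lines: Iterable[str]):
    """Yield parsed records for flows that leave the internal range."""
    for line in lines:
        rec = parse_record(line)
        # NODATA / SKIPDATA records carry '-' instead of addresses; nothing to evaluate.
        if rec["log_status"] != "OK":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if not _in_any(src, INTERNAL) or _in_any(dst, INTERNAL):
            continue  # inbound or internal-only flow, not egress
        yield rec, dst


def unauthorized_egress(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return the ACCEPTed internal->external flows whose destination is not approved."""
    findings = []
    for rec, dst in _egress_records(lines):
        if _in_any(dst, APPROVED_EGRESS):
            continue
        if rec["action"] != "ACCEPT":
            continue  # REJECT means a security group or NACL already blocked it
        findings.append({
            "interface": rec["interface_id"],
            "src": rec["srcaddr"],
            "dst": rec["dstaddr"],
            "dstport": int(rec["dstport"]),
            "protocol": PROTOCOL_NAMES.get(rec["protocol"], rec["protocol"]),
            "bytes": int(rec["bytes"]),
        })
    return findings


def egress_summary(lines: Iterable[str]) -> Dict[str, int]:
    """Count internal->external flows by action (ACCEPT vs REJECT)."""
    return dict(Counter(rec["action"] for rec, _ in _egress_records(lines)))


if __name__ == "__main__":
    for finding in unauthorized_egress(SAMPLE_LOG_LINES):
        print(finding)
    print(egress_summary(SAMPLE_LOG_LINES))
```

Two of the constructed flows are flagged: the TCP flow to 203.0.113.77:4444 and the UDP flow to 192.0.2.10:53. The second one is worth noticing against the page's note on excluded traffic: queries to the Amazon-provided DNS server never appear in a flow log, but a query to a third-party resolver does, which makes it a useful signal for DNS-based exfiltration. The REJECTed repeat to 203.0.113.77 is counted in the summary but not reported as a finding, since it shows the egress control working.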