Читать книгу Cyber Security and Network Security - Группа авторов - Страница 31

A specific virtual private network is required to be configured for the application spanning two or more availability zones for higher availability and application reliability. One public subnet and two private subnets need to be launched for each of the availability zone that we have accounted for. Private subnets would contain the user access and data, and the storage services and only the web application instances that are launched into the public subnet would be allowed to access. The application instances would be able to access the services provisioned into the private subnets through the private endpoints which are not exposed to the public internet. Thus, all the user/application data residing in the system cannot be accessed without prior authentication and authorization through the public endpoint.