DNS…Need Security…Call Me…Need a Route 53 Service…Call me…
Whenever you need me……call me….
But let's get to work!
The New York Gazette has reached out to Reginald Bratton INC. They are a top-rated newspaper, and they want to vet sources/stories and keep their valuable testimonials secure inside the cloud. The New York Gazette is covering a class action lawsuit, and they are going to need full confidentiality for their sources. Today we are going to use Amazon Route 53 and a bastion host to connect to the internal server for our client.
Follow me as we complete our missions through AWS Cloud Quest.
Let's iron out some details and get more insight:
You can have a private host and a public host. We are using private to secure the info placed in the cloud (the newspaper company needs privacy for their sources).
A bastion host is a server used to manage access to an internal or private network from an external network; it is sometimes called a jump box or jump server. Because bastion hosts often sit on the Internet, they typically run a minimum amount of services in order to reduce their attack surface. (Public vs. private host is a question of accessibility.)
Privacy at its finest…if you want your server to be more secure, use Route 53 to set up the private zone. You could also use a public zone if you wanted public access as well.
Quick behind the scenes action:
In your VPC, your employees will type in thewhitepaper.internal.news.org, and that goes through the bastion host for internal private hosting to protect the confidentiality of the info. The request is then sent to the internal news server, but the domain name thewhitepaper.internal.news.org is translated into an IP address. I say "request" because you are making a request when you type in a domain name (website).
We are going to visit what the CNAME is a little later; just hold tight.
Our business solution: we have helped the New York Gazette protect the confidentiality of their sources for the class action lawsuit they are covering in the State of New York.
Start with EC2:
Save that IP address
Now we need to connect to the bastion host…private, not public, for our mission.
You connect to instances using SSH…yes, this is a question on the AWS CCP exam!
As soon as you connect, Systems Manager will open.
This is where you can ping your server/resources to ensure they are up and running.
example…
ping 10.10.1.117
ping thewhitepaper.internal.news.org
Head over to Route 53 (not pictured)
Now you can visually see public and private hosting zones.
A hosted zone is a container of records that define how traffic will be routed, on the internet or within a VPC.
Now I need to decide what VPC I will be using and my region.
We have configured a local hosted zone to provide domain names internal to your VPC. This is helping the New York Gazette decide how they would like to route the traffic. We routed the traffic to a private zone for confidentiality of the sources for the class action lawsuit, but there is an option to use a public hosting zone if you have a website that needs to be accessible to the public internet.
DIY:
To take things a step further, we are going to do a few things.
Look no further, we are going to make this look easy:
Press create record
You will need to name the record…database…then you need a CNAME…with your CNAME, you type thewhitepaper.news.org in the value column…look below
You have to type in the website, and Route 53 translates that into an IP address. This is what you need to do to point your record. Do not input your IP address and expect that to complete your routing.
Above we accomplished both activities!
Create CNAME record database.internal.news.org
Point the new CNAME record to thewhitepaper.internal.news.org
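Here is the same CNAME record as a Route 53 change batch, with the checks from the steps above applied before anything is sent to AWS. This is an added example, not part of the original walkthrough or of AWS Cloud Quest; the zone name internal.news.org, the TTL of 300 and the function names are assumptions.

```python
import ipaddress
import json
import re

# Assumption: the private hosted zone is internal.news.org; TTL 300 is arbitrary.
ZONE = "internal.news.org"
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one hostname label


def is_ip(value):
    """True if value is an IPv4/IPv6 literal rather than a domain name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def cname_change_batch(record, target, zone=ZONE, ttl=300):
    """Validate a CNAME and return a Route 53 ChangeBatch dict."""
    # Lower-case and drop trailing dots so comparisons are consistent.
    record, target, zone = (n.strip().lower().rstrip(".") for n in (record, target, zone))
    if is_ip(target):
        raise ValueError("CNAME value must be a domain name, not an IP address")
    if not all(LABEL.match(label) for label in target.split(".")):
        raise ValueError(f"invalid domain name: {target!r}")
    if record == zone:
        raise ValueError("a CNAME cannot be created at the zone apex")
    if not record.endswith("." + zone):
        raise ValueError(f"{record!r} is not inside hosted zone {zone!r}")
    rrset = {"Name": record, "Type": "CNAME", "TTL": ttl,
             "ResourceRecords": [{"Value": target}]}
    return {"Comment": "alias for the internal news server",
            "Changes": [{"Action": "CREATE", "ResourceRecordSet": rrset}]}


if __name__ == "__main__":
    # Record name and target are the ones used on this page.
    batch = cname_change_batch("database.internal.news.org",
                               "thewhitepaper.internal.news.org")
    print(json.dumps(batch, indent=2))
```

Save the printed JSON to a file and apply it with aws route53 change-resource-record-sets --hosted-zone-id <your-zone-id> --change-batch file://batch.json, where <your-zone-id> is a placeholder for your own private hosted zone ID.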