Lock down an AWS-style VPC — public/private/DB subnets, security groups, NAT GW vs IGW, IAM roles instead of keys.
Tests: Cloud network security, well-architected pillars, security groups vs NACLs, IAM least privilege — Security+ Domain 3.
Scenario
Configure security groups, NAT, IAM, and DB encryption for a 3-tier VPC deployment.
Internet talks to the ALB only. App layer talks out via NAT GW. DB has no internet path. IAM via roles.
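The scenario's rules written as an automated check, as an added example that is not part of the original lab: it audits a simplified description of the three tiers and reports every rule that is broken. The dictionary layout, tier names, ports and the `sg:` source notation are assumptions made for illustration, and both sample deployments are constructed.

```python
# Constructed sample data: field layout, ports and "sg:<tier>" notation are assumptions.
HARDENED = {
    "alb": {"route": "igw", "ingress": [("0.0.0.0/0", 443)]},
    "app": {"route": "nat", "ingress": [("sg:alb", 8080)], "creds": "role"},
    "db": {"route": None, "ingress": [("sg:app", 5432)], "encrypted": True},
}
WEAK = {
    "alb": {"route": "igw", "ingress": [("0.0.0.0/0", 443)]},
    "app": {"route": "igw", "creds": "access_key",
            "ingress": [("0.0.0.0/0", 22), ("sg:alb", 8080)]},
    "db": {"route": "nat", "ingress": [("0.0.0.0/0", 5432)], "encrypted": False},
}

# Only the ALB subnet routes to the IGW; the app tier leaves via NAT; the DB has no default route.
EXPECTED_ROUTE = {"alb": "igw", "app": "nat", "db": None}
# Each tier accepts traffic only from the tier directly in front of it.
ALLOWED_SOURCE = {"alb": "0.0.0.0/0", "app": "sg:alb", "db": "sg:app"}


def audit(deployment):
    """Return a sorted list of findings; an empty list means every rule holds."""
    findings = []
    for tier, cfg in deployment.items():
        want = EXPECTED_ROUTE[tier]
        if cfg["route"] != want:
            findings.append(f"{tier}: default route is {cfg['route']}, expected {want}")
        for source, port in cfg["ingress"]:
            if source != ALLOWED_SOURCE[tier]:
                findings.append(
                    f"{tier}: port {port} open to {source}, expected {ALLOWED_SOURCE[tier]}"
                )
    if deployment["app"]["creds"] != "role":
        findings.append("app: uses static access keys instead of an IAM role")
    if not deployment["db"]["encrypted"]:
        findings.append("db: storage is not encrypted")
    return sorted(findings)


if __name__ == "__main__":
    for name, dep in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(dep) or "OK")
```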
[Figure: Network Topology (live view): ALB load balancer in the public subnet]