METHODS OF CONNECTION TO AWS VIRTUAL SERVER LOCATED IN A PRIVATE SUBNET

Authors

  • Maryna Mamuta National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kiev
  • Igor Kravchenko National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kiev
  • Oleksandr Mamuta Institute of Physics, National Academy of Sciences of Ukraine, Kiev

DOI:

https://doi.org/10.31649/1999-9941-2023-57-2-33-42

Keywords:

AWS, Bastion Host, SSH, private subnet, endpoint, Systems Manager

Abstract

In today's world of total digitization, cyber security and safe work with data in cyberspace are among the most important questions. This is especially relevant for Ukraine, where the number and power of cyberattacks have increased several times over the last year. Businesses that work with private customer data become especially vulnerable. The ideal option is to place such data on servers that do not have Internet access. However, given the global trend of moving to the cloud, this move is inevitable for private data as well, which raises the question of how to protect private data in the cloud. To this end, cloud service providers offer services for creating private subnets without Internet access. The question of how to securely access data in such subnets therefore becomes relevant. One of the leading vendors of cloud services is Amazon with its Web Services. Amazon offers a Virtual Private Cloud service for setting up a virtual network. The article analyzes configuration features at the stage of creating subnets with and without Internet access. The method of connecting to a virtual server located in a private subnet using the Secure Shell network protocol was analyzed. However, this method has a number of disadvantages. It requires launching and administering an additional server. The method also involves quite complex network settings and requires managing keys. Therefore, another method of connecting to a private EC2 instance was proposed. The method requires the Amazon Systems Manager service, which provides secure access to data without creating an additional server and is cost-effective and convenient. At the same time, all connections take place over a secure channel between the Systems Manager agent and the Amazon data center. The main configuration features of the proposed method were considered.

Author Biographies

Maryna Mamuta, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kiev

Cand. Sc., Senior Lecturer of the Department of Computer-Integrated Optical and Navigation Systems

Igor Kravchenko, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kiev

Senior Lecturer of the Department of Computer-Integrated Optical and Navigation Systems

Oleksandr Mamuta, Institute of Physics, National Academy of Sciences of Ukraine, Kiev

Cand. Sc., Research Officer

Published

2023-10-10

How to Cite

[1] M. Mamuta, I. Kravchenko, and O. Mamuta, “METHODS OF CONNECTION TO AWS VIRTUAL SERVER LOCATED IN A PRIVATE SUBNET”, ІТКІ, vol. 57, no. 2, pp. 33–42, Oct. 2023.

Section

Information technology and coding theory
