METHODS OF CONNECTION TO AWS VIRTUAL SERVER LOCATED IN A PRIVATE SUBNET

M. S. Mamuta, I. V. Kravchenko, O. D. Mamuta
Journal: Ìnformacìjnì tehnologìï ta kompʼûterna ìnženerìâ, volume 24 1. Publication date: 2023-01-01. Publication type: Journal Article. DOI: https://doi.org/10.31649/1999-9941-2023-57-2-33-42

Abstract

In today's world of total digitization, cyber security and safe work with data in cyberspace are the most important questions. This is especially relevant for Ukraine, where the number and power of cyberattacks have increased several times over the last year. Businesses that work with private customer data become especially vulnerable. Of course, the ideal option is to place such data on servers that don't have Internet access. But given the global trend of moving to the cloud, this move is inevitable for private data as well. And so, there is the question of protecting private data in the cloud. To this end, cloud service providers offer services to create private subnets without Internet access. Therefore, the question of how to securely access data in such subnets becomes relevant. One of the leading vendors of cloud services is Amazon with its Web Services. Amazon offers the Virtual Private Cloud service for setting up a virtual network. The article analyzes configuration features at the stage of creating subnets with and without Internet access. The method of connecting to a virtual server located in a private subnet using the Secure Shell network protocol was analyzed. However, this method has a number of disadvantages. It requires launching and administering an additional server. The method also has quite complex network settings and requires managing keys. Therefore, another method of connecting to a private EC2 instance was proposed. The method requires the Amazon Systems Manager service, which provides secure access to data without creating an additional server and is cost-effective and convenient. At the same time, all connections take place over a secure channel between the Systems Manager agent and the Amazon data center. The main configuration features of the proposed method were considered.