What are the AWS VPN connectivity options?

AWS hardware VPN: You can create an IPsec hardware VPN connection between your VPC and your remote network. On the AWS side of the VPN connection, a virtual private gateway provides two VPN endpoints (two tunnels) for automatic failover. You configure your customer gateway, which is the physical device or software application on the remote side of the VPN connection.

AWS Direct Connect: AWS Direct Connect provides a dedicated private network connection from your remote network to your VPC. Direct Connect on its own does not encrypt traffic; if you need encryption, you can run an AWS hardware VPN connection over the Direct Connect link to get an IPsec-encrypted connection.

AWS VPN CloudHub: If you have more than one remote network (for example, multiple branch offices), you can create multiple AWS hardware VPN connections to the same virtual private gateway so that these networks can communicate with each other, and with the VPC, in a hub-and-spoke topology.

Software VPN: You can create a VPN connection to your remote network by using an Amazon EC2 instance in your VPC that runs a software VPN appliance. AWS does not provide or maintain software VPN appliances; however, you can choose from a range of products provided by partners and open source communities. Because the appliance is just an EC2 instance, you are responsible for patching and hardening it and for its availability: a single appliance instance is a single point of failure.


What are the security best practices for Amazon EC2?

- Use AWS Identity and Access Management (IAM) to control access to your AWS resources

- Restrict access by allowing only trusted hosts or networks to access ports on your instance (never expose administrative ports such as SSH or RDP to 0.0.0.0/0)

- Review the rules in your security groups regularly

- Only open up the permissions that you require

- Disable password-based remote logins for the root user; use SSH key pairs instead, since passwords can be guessed or cracked
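The second and third items above ("allow only trusted hosts or networks" and "review your security group rules regularly") are easy to turn into a recurring check. The following is an added example, not code from the original page or from AWS: a small Go program that parses the JSON produced by `aws ec2 describe-security-groups` and flags any inbound rule that opens a sensitive port (SSH, RDP, MySQL, PostgreSQL) to 0.0.0.0/0 or ::/0, including "all traffic" rules where the API omits the port range. The sample response embedded below is constructed for the example and the group IDs in it are made up.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the DescribeSecurityGroups response; field names follow the EC2 API.
type ipPermission struct {
	IpProtocol string `json:"IpProtocol"`
	FromPort   int    `json:"FromPort"` // absent (zero) when IpProtocol is "-1" (all traffic)
	ToPort     int    `json:"ToPort"`
	IpRanges   []struct{ CidrIp string `json:"CidrIp"` }     `json:"IpRanges"`
	Ipv6Ranges []struct{ CidrIpv6 string `json:"CidrIpv6"` } `json:"Ipv6Ranges"`
}

type securityGroup struct {
	GroupId       string         `json:"GroupId"`
	IpPermissions []ipPermission `json:"IpPermissions"`
}

type describeResponse struct {
	SecurityGroups []securityGroup `json:"SecurityGroups"`
}

// Finding is one inbound rule that exposes a sensitive port to the whole internet.
type Finding struct {
	GroupId string
	Port    int
	Cidr    string
}

// Ports that should only ever be reachable from trusted hosts or networks.
// A sorted slice rather than a map keeps the order of findings deterministic.
var sensitivePorts = []int{22, 3306, 3389, 5432}

func anyAddress(cidr string) bool { return cidr == "0.0.0.0/0" || cidr == "::/0" }

// covers reports whether permission p admits TCP traffic to port: either it is an
// all-traffic rule ("-1") or a tcp rule whose FromPort..ToPort range includes it.
func covers(p ipPermission, port int) bool {
	if p.IpProtocol == "-1" {
		return true
	}
	return p.IpProtocol == "tcp" && port >= p.FromPort && port <= p.ToPort
}

// AuditSecurityGroups parses DescribeSecurityGroups JSON and returns every sensitive
// port that an inbound rule opens to 0.0.0.0/0 or ::/0.
func AuditSecurityGroups(raw []byte) ([]Finding, error) {
	var resp describeResponse
	if err := json.Unmarshal(raw, &resp); err != nil {
		return nil, err
	}
	var findings []Finding
	for _, sg := range resp.SecurityGroups {
		for _, p := range sg.IpPermissions {
			var cidrs []string
			for _, r := range p.IpRanges {
				cidrs = append(cidrs, r.CidrIp)
			}
			for _, r := range p.Ipv6Ranges {
				cidrs = append(cidrs, r.CidrIpv6)
			}
			for _, cidr := range cidrs {
				if !anyAddress(cidr) {
					continue
				}
				for _, port := range sensitivePorts {
					if covers(p, port) {
						findings = append(findings, Finding{sg.GroupId, port, cidr})
					}
				}
			}
		}
	}
	return findings, nil
}

// SampleDescribeOutput is constructed data in the shape of describe-security-groups output.
const SampleDescribeOutput = `{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0bbb", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0ccc", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
  {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}`

func main() {
	findings, err := AuditSecurityGroups([]byte(SampleDescribeOutput))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: port %d open to %s\n", f.GroupId, f.Port, f.Cidr)
	}
}
```

On the sample, the web group's HTTPS rule is ignored (443 is meant to be public) and its SSH rule is accepted because it is limited to one trusted /24; the bastion group's SSH-from-anywhere rule is reported once, and the database group's "all traffic from ::/0" rule is reported once per sensitive port. To run it against a real account, feed the program the output of `aws ec2 describe-security-groups` and schedule it alongside your regular review.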


What is the best practice for encrypting cloud data?

Encrypt data at rest and in motion. Encrypting "in motion" (in transit) is already well known: the standards of HTTPS/TLS and IPsec apply equally well in the data center and in the cloud.

Encrypting "at rest" means that the data must be encrypted when it resides on a disk, in a database, on a file system, in object storage, and of course in backups. In the real world, people have not always done this in data centers, often relying on physical security as a substitute. In the cloud, physical security of the storage is not under your control, so it is no substitute: you must encrypt sensitive data.

In practice this means data is encrypted as it is written and decrypted only when it is about to be used (just before a specific computation, and only in memory). Standards such as the Advanced Encryption Standard (AES) are commonly used for encryption at rest. The encryption is only as strong as the key management around it: keys must be stored and controlled separately from the data they protect (for example, in a key management service), otherwise an attacker who can read the disk can read the key as well.
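To make the "encrypted when written, decrypted only in memory when used" pattern concrete, here is an added example (not code from the original page or from any AWS library) in Go using AES-256-GCM from the standard library. Each record gets a fresh random nonce that is stored in front of the ciphertext, and the record's identifier is bound in as additional authenticated data (AAD) so a ciphertext cannot be silently moved into another record's slot. The key, plaintext and record name in `main` are constructed for the example; in a real deployment the data key would come from a key management service rather than being generated next to the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newGCM builds an AES-GCM AEAD from a 16, 24 or 32-byte key (AES-128/192/256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord encrypts one record for storage. A fresh random 96-bit nonce is generated
// per call and prepended to the ciphertext, so the stored bytes are self-describing.
// GCM also computes an authentication tag over ciphertext and aad, so any modification
// of the stored bytes (or a mismatched aad) is detected when the record is opened.
func SealRecord(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends the ciphertext and tag to the nonce slice: output = nonce || ct || tag.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// OpenRecord decrypts a record produced by SealRecord. It returns an error if the
// record was truncated, modified, or sealed under a different aad or key.
func OpenRecord(key, record, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("record too short to contain a nonce")
	}
	nonce, ciphertext := record[:gcm.NonceSize()], record[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, aad)
}

func main() {
	// Constructed demo key. In practice the data key comes from a KMS and is never
	// written to the same storage as the ciphertext.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	recordID := []byte("customers/42") // stored in the clear, bound in as AAD
	record, err := SealRecord(key, []byte("ssn=123-45-6789"), recordID)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes of ciphertext\n", len(record))

	// Reading it back with the same key and aad yields the plaintext, only in memory.
	pt, err := OpenRecord(key, record, recordID)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)

	// A single flipped byte on disk is rejected rather than returning garbage.
	tampered := append([]byte(nil), record...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = OpenRecord(key, tampered, recordID)
	fmt.Printf("tampered record: err=%v\n", err)
}
```

Two properties worth noticing: sealing the same plaintext twice produces different ciphertexts because the nonce is random, and opening a record with the wrong AAD fails even though the key is correct, which is what stops a ciphertext copied from one row being accepted as another. The nonce is not secret, only unique; never reuse a nonce with the same key, since GCM's authentication collapses if you do.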

Wow, you made it to the end. That's all we have so far. You probably have some inside knowledge of your own. Send it our way, we'll review, and post.

You can then come back and refresh your memory, with your own...memories.