Skip to main content

Network Security

VPC Architecture

Internet
    ↓
CloudFront / ALB (HTTPS only)
    ↓
Application VPC (10.2.0.0/16)
    ↓ (VPC Peering)
Database VPC (10.1.0.0/16) - NO internet access

Security Groups

RDS accepts traffic only from:

Access VPC (bastion)
Application VPC (APIs)

No Public Database

Database VPC has:

No internet gateway
No NAT gateway
Only VPC peering routes

VPC Architecture
Security Groups
No Public Database