Problem scenario
A user has no access to a VPC from her workstation. What are three ways a user can be given access to resources in a VPC?
Four Possible, Independent Solutions
- Network Access Control lists. These are IP address firewalls for the VPCs themselves. Based on the IP address of the user's workstation, Network Access Control lists can allow or disallow traffic to the VPC.
- Security Groups. These are two-way firewalls with inbound and outbound rules for EC2 instances and other AWS components. Based on the IP address of the user's workstation, the Security Group can allow traffic to the VPC.
- AWS Active Directory Services. If your enterprise has Windows desktops, you can use AWS Active Directory Services. The centralized authentication can allow or disallow the user from gaining access to a VPC. To learn more, see this link https://aws.amazon.com/directoryservice/
- On-premises routers and firewalls that do not currently allow connectivity to the internet or to AWS VPCs.
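The first two options above both key on the workstation's IP address, but they are evaluated differently: a Network ACL is an ordered list of allow and deny rules where the first match wins, while a Security Group holds only allow rules. The following is an added example (not from the original answer) with constructed rules and a constructed workstation address; it simplifies real rules to a single port and models only the inbound direction.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class NaclRule:
    number: int   # NACL rules are evaluated in ascending rule-number order
    cidr: str
    port: int     # simplification: real rules carry a port range
    action: str   # "allow" or "deny"


def nacl_allows(rules, src_ip, port):
    """Ordered evaluation: the first matching rule decides; no match hits the
    implicit '*' rule, which denies."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if ip in ipaddress.ip_network(rule.cidr) and rule.port == port:
            return rule.action == "allow"
    return False


def sg_allows(allow_rules, src_ip, port):
    """Security groups contain only allow rules: any match permits,
    otherwise the traffic is dropped."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(cidr) and p == port
               for cidr, p in allow_rules)


# Constructed sample: the workstation sits in the 203.0.113.0/24 office range
# (a documentation address block, not a real network).
WORKSTATION = "203.0.113.10"
NACL = [
    NaclRule(100, "203.0.113.10/32", 22, "allow"),  # this workstation may SSH
    NaclRule(200, "203.0.113.0/24", 22, "deny"),    # rest of the office is denied
]
# Scope the security group to the single workstation (/32), not 0.0.0.0/0.
SG = [("203.0.113.10/32", 22)]


def workstation_can_reach(src_ip, port):
    """Traffic must pass both the subnet NACL and the instance's security group."""
    return nacl_allows(NACL, src_ip, port) and sg_allows(SG, src_ip, port)
```

Because a NACL is stateless, a real deployment also needs an outbound rule for the ephemeral return ports; a security group is stateful and tracks the reply on its own.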