- Restrict Network Ingress:
We orchestrated the migration of every service that had a public IP address into private subnets and limited access to those services through proxies and load balancers. The proxies and load balancers used security groups and AWS Web Application Firewall (WAF) to tightly control and monitor client connections.
- Increase Modularity:
Increasing modularity was another recommended deliverable, so that clients no longer depended on direct access to instances by IP address and were not affected when a particular server was unavailable. Because every service was now reached through a proxy, the team could move services to other instances while performing maintenance or upgrades.
- Zero Trust Inside the Network:
We also implemented internal controls to increase security: all outbound requests were proxied and any destination not on an IP access list was blocked, connections between systems were limited with security groups, mail relays were added to control which recipients could receive email, and a VPN was required for connections into the AWS network.
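As an added example (not code from the original engagement), the check below audits security groups in the shape returned by boto3's `ec2.describe_security_groups()` and flags any group, other than the designated edge (proxy/load balancer) groups, that still accepts ingress from public address space. The group ids and rules are constructed sample data, and the internal CIDR allowlist is an assumption.

```python
import ipaddress

# Constructed sample in the shape of describe_security_groups()["SecurityGroups"]
# (only the fields used below). sg-proxy is the public edge; sg-app is reachable
# only from sg-proxy; sg-legacy still carries a public SSH rule from before the migration.
SAMPLE_GROUPS = [
    {"GroupId": "sg-proxy", "GroupName": "proxy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-proxy"}]}]},
    {"GroupId": "sg-legacy", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]

# Assumed internal address space; anything not fully inside one of these is "public".
INTERNAL_CIDRS = [ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fd00::/8")]


def is_public_source(cidr: str) -> bool:
    """True unless the CIDR lies entirely within the internal allowlist."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == a.version and net.subnet_of(a) for a in INTERNAL_CIDRS)


def find_public_ingress(groups, edge_group_ids):
    """Return (group id, (from, to), source) for every non-edge group rule
    that admits traffic from public address space (IPv4 or IPv6)."""
    findings = []
    for sg in groups:
        if sg["GroupId"] in edge_group_ids:
            continue  # the proxy / load balancer tier is meant to be public
        for perm in sg.get("IpPermissions", []):
            ports = (perm.get("FromPort", "all"), perm.get("ToPort", "all"))
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                if is_public_source(src):
                    findings.append((sg["GroupId"], ports, src))
    return findings


if __name__ == "__main__":
    for gid, ports, src in find_public_ingress(SAMPLE_GROUPS, {"sg-proxy"}):
        print(f"{gid}: ports {ports} open to {src}")
```

Run against live data by replacing `SAMPLE_GROUPS` with the `SecurityGroups` list from boto3 and passing the ids of your proxy and load balancer groups as `edge_group_ids`.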