Chapter 5. Secure Networking

When designing networks in the cloud, the topologies are defined by software rather than the physical structure within the data centers. All three cloud providers allow you to define your own private networks, which you can then share or connect together to enable connectivity between disparate teams and applications. You can then subdivide these private networks into subnetworks, often shortened to subnets. Once the subnets are defined, how the clouds allow you to implement networking begins to vary, as you will see in the recipes in this chapter.
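The two operations this paragraph describes, carving a private network's address space into subnets and checking that two networks can be connected, are easy to get wrong by hand. The following helper is an added example written for this page, not code from the book; it uses only Python's standard `ipaddress` module, and the network CIDRs and zone names are constructed sample values. It refuses to plan non-private (non-RFC 1918) address space and reports overlapping ranges before two networks are peered, since overlapping CIDRs are the usual reason a peering or shared-VPC connection cannot route correctly.

```python
"""Subnet planning helper for software-defined cloud networks.

Added example (not from the book): carve a private network CIDR into
one subnet per availability zone, and check that two networks can be
connected without overlapping address space.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple


def plan_subnets(network_cidr: str, zones: List[str],
                 subnet_prefix: int) -> Dict[str, ipaddress.IPv4Network]:
    """Split network_cidr into one /subnet_prefix subnet per zone.

    Subnets are handed out in address order, so zone i gets the i-th block.
    Raises ValueError for non-private space, a prefix shorter than the
    network's own, or a network too small to hold one subnet per zone.
    """
    network = ipaddress.ip_network(network_cidr, strict=True)
    if not network.is_private:
        # Private networks should live in RFC 1918 space; anything else is
        # almost always a typo that would collide with public routes.
        raise ValueError(f"{network_cidr} is not a private address range")
    if subnet_prefix < network.prefixlen:
        raise ValueError("subnet prefix must be at least as long as the network prefix")
    candidates = list(network.subnets(new_prefix=subnet_prefix))
    if len(candidates) < len(zones):
        raise ValueError(
            f"{network_cidr} holds only {len(candidates)} /{subnet_prefix} "
            f"subnets but {len(zones)} zones were requested"
        )
    return {zone: subnet for zone, subnet in zip(zones, candidates)}


def find_overlaps(a_cidrs: Iterable[str],
                  b_cidrs: Iterable[str]) -> List[Tuple[str, str]]:
    """Return every (a, b) CIDR pair where the two ranges overlap."""
    a_nets = [ipaddress.ip_network(c) for c in a_cidrs]
    b_nets = [ipaddress.ip_network(c) for c in b_cidrs]
    return [(str(x), str(y)) for x in a_nets for y in b_nets if x.overlaps(y)]


def can_connect(a_cidrs: Iterable[str], b_cidrs: Iterable[str]) -> bool:
    """True when the two networks share no address space and can be peered."""
    return not find_overlaps(a_cidrs, b_cidrs)


if __name__ == "__main__":
    # Constructed sample input: a /16 private network across three zones.
    plan = plan_subnets("10.0.0.0/16", ["zone-a", "zone-b", "zone-c"], 20)
    for zone, subnet in plan.items():
        print(f"{zone}: {subnet}")
    # A second network that overlaps the first cannot be peered with it.
    print("peerable with 10.1.0.0/16:", can_connect(["10.0.0.0/16"], ["10.1.0.0/16"]))
    print("overlaps with 10.0.128.0/17:", find_overlaps(["10.0.0.0/16"], ["10.0.128.0/17"]))
```

Run it as a script to print the plan; in practice the returned mapping is what you would feed into whichever infrastructure-as-code tool defines the subnets, and the overlap check belongs in the review step before any two networks are shared or connected.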

Building scalable, enterprise-level network topologies is possible on all three CSPs, and they all provide a variety of on-premises connectivity options. In this chapter, you will see how to build base networks that enable your traffic flow patterns, allow engineers to connect to machines over SSH and Remote Desktop Protocol (RDP) using IAM for authentication rather than long-lived keys, build estate-wide network topologies to enable east-west and north-south traffic, build patterns for exposing applications to the internet, and provide private access to services.

Note

The wider technology industry is currently converging on the idea of zero-trust networking, which is where identity, not network address, is the primary currency for determining visibility and access.

Using IP addresses as the base of your network security is useful as a coarse-grained, defense-in-depth approach, but you should use higher-level resources ...

Get Cloud Native Security Cookbook now with the O’Reilly learning platform.
