Web application firewall pattern
The next pattern is not specific to the Cloud, but is important enough to mention. When securing a system it is one thing to prevent or limit access, but that is only a small scope of a much broader assessment. Suppose your database does not allow connection from anything other than the web instance that is connected to it.
While this means that no outside system can directly access the instance, it does not mean that they cannot compromise it and change that assertion. A traditional firewall or even Security Groups will never prevent behavior from individuals such as SQL injection and exploiting bugs in software. While the system administrators had a firewall rule in place of the database, someone might be able ...
Get Implementing Cloud Design Patterns for AWS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.