Cloud Security Architecture

A compilation of blog posts by Teri Radichel on Cloud Security Architecture

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: AWS Security | Cloud Security Architecture

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This blog is a summary of my posts on Cloud Security Architecture. I’m trying to create some blogs to organize what I’ve written on various topics a bit better.

If you need help with cloud security architecture or need your architecture reviewed you can schedule a call with me through IANS Research. I’m currently focusing on AWS in my latest blog series but teach AWS, Azure and GCP cloud security classes. Although taking classes directly from a cloud vendor is great — I’ve done it — you will hear things in my classes you won’t hear from a cloud vendor from a customer perspective.

In my recent blog series I’m building a cloud architecture from the ground up. I have some tools I need to build and use for my own purposes so I thought I would share what I’m doing along the way. It’s a hands-on approach to some of the things I talk about in my classes and includes a related GitHub repository where I publish the code. I hope to expand this to other cloud platforms in the future if time allows.

Defining AWS Accounts and Organizational Units
  ACM.180 Defining accounts and organizational units based on trust boundaries and roles to protect critical assets
  …dmedium.com/defining-aws-accounts-and-organizational-units-537cff5fc297

AWS VPC with a NAT
  ACM.269 Setting up a NAT to allow outbound Internet Access From a Private VPC
  https://readmedium.com/aws-vpc-with-a-nat-1a1253f93b4b

AWS Transit Gateway with a NAT and Network Security Options
  ACM.270 AWS Network Firewall, Packet Mirroring, and Open Source IDS and IPS
  https://readmedium.com/aws-transit-gateway-with-a-nat-and-network-security-options-38e784efd62e

Architecture with Transit Gateway in an AWS Organization
  ACM.271 There’s no one size fits all solution — design according to your business requirements
  https://readmedium.com/architecture-with-transit-gateway-in-an-aws-organization-ee1c218ed469

CloudFormation Micro-Templates
  ACM.285 Why I put a single resource in each CloudFormation template
  https://readmedium.com/cloudformation-micro-templates-ae70236ae2d1

Thinking About CloudFormation Language Transformations
  ACM.293 The implications of letting someone rewrite your code
  https://readmedium.com/thinking-about-aws-cloudformation-languagetransformations-14c6c584bd8e

Organizational Hierarchies and Policies in AWS, Azure, and GCP
  Multicloud.5 Accounts, OUs, Subscriptions, Tenants, Folders and Projects
  https://readmedium.com/organizational-hierarchies-and-policies-in-aws-azure-and-gcp-3de512468201

I’ve also compared and contrasted services you might choose when designing a cloud architecture.

AWS Secrets Manager vs. SSM Parameter Store
  ACM.119 Choosing where to store secrets and configuration data
  https://readmedium.com/aws-secrets-manager-vs-ssm-parameter-store-a765fe09f5f0

AWS Nitro Enclaves and TPMs
  ACM.80 Protecting data and encryption keys in memory and in use
  https://readmedium.com/aws-nitro-enclaves-and-tpms-14fe05dce2ff

Route traffic through AWS for security and inspection

Here’s a mini-series on setting up your home or business traffic to flow through AWS for inspection. Still adding all the stories to show how to do it.

How to Route Your Home Network or Business Network Traffic Through AWS and Why
  ACM.464 pfSense > AWS Site to Site VPN > Transit Gateway > NAT > Internet
  https://readmedium.com/how-to-route-your-home-network-or-business-network-traffic-through-aws-and-why-30d5a5f0c225

Configuring the VPC and VPC Flow Logs for an AWS Site to Site pfSense VPN
  ACM.465 Creating a VPC to connect our pfSense to via a VPN and configuring logging to inspect the related network…
  https://readmedium.com/configuring-the-vpc-and-vpc-flow-logs-for-an-aws-site-to-site-pfsense-vpn-9bcf56a1e5e6

AWS Credentials and Roles for the pfSense VPN Wizard
  ACM.466 Also, why I’m not going to use this wizard
  https://readmedium.com/aws-credentials-and-roles-for-the-pfsense-vpn-wizard-0d4e7f816dd4

Calculating the Cost of An AWS Architecture plus a Region Security Warning
  ACM.467 Looking at the cost of resources on AWS for a private network
  https://readmedium.com/calculating-the-cost-of-an-aws-architecture-plus-a-region-security-warning-ce639faec80b

Creating an AWS Site to Site VPN for pfSense with a Virtual Private Gateway
  ACM.468 Configuring specific encryption options to prevent downgrade attacks
  https://readmedium.com/creating-an-aws-site-to-site-vpn-for-pfsense-with-a-virtual-private-gateway-7c2e13b1f15d

Test Sending Traffic From a Load Balancer To A NAT Gateway
  ACM.469 Spoiler Alert: Q told me I could do this but I can’t :( but this might help someone trying to set up a network…
  https://readmedium.com/test-sending-traffic-from-a-load-balancer-to-a-nat-gateway-f968c25cfb15

Sending Traffic From pfSense to a Site to Site VPN to a VGW to a NAT in AWS
  ACM.470 Another thing Q told me I could do but not allowed
  https://readmedium.com/sending-traffic-from-pfsense-to-a-site-to-site-vpn-to-a-vgw-to-a-nat-in-aws-08f85bc64970

Subnets And Routes For a Public NAT
  ACM.471 Setting up proper routing to leverage a NAT to reach the Internet on AWS; Avoid traffic dropped due to…
  https://readmedium.com/subnets-and-routes-for-a-public-nat-943db10cf01f

Configure a Transit Gateway To Route Traffic From A Site To Site VPN to a NAT
  ACM.472 Get the routing right or packets will mysteriously disappear
  https://readmedium.com/configure-a-transit-gateway-to-route-traffic-from-a-site-to-site-vpn-to-a-nat-d56561c43f8d

Related to the above posts — some issues I had while trying to implement that solution:

Concatenate Contiguous IP Ranges in Its IP List #awswishlist
  See example here and related blog post for why
  https://readmedium.com/concatenate-contiguous-ip-ranges-in-its-ip-list-awswishlist-c68fb9db080e

AWS Routing Logs and Error Messages #awswishlist
  ACM.463 The routing mystery that would be much easier to solve with a “No Route To Host” error message
  https://readmedium.com/aws-routing-logs-and-error-messages-awswishlist-d76fa8898a1f

You may also want to check out my security-related posts which cover some aspects of network security architecture.

Network Security:
  Blog posts, papers, and articles on Network Security by Teri Radichel
  https://readmedium.com/network-security-68e1f26db9df

AWS Security:
  A compilation of stories written about AWS by Teri Radichel
  https://readmedium.com/aws-security-8a038e16e1f1

Azure Security:
  Posts on Azure Security by Teri Radichel
  https://readmedium.com/azure-security-7d3f68d9ae1c

Google Security:
  Blog posts by Teri Radichel on Google, Google Cloud Platform (GCP), Chrome, Gmail and Google Workspace Security
  https://readmedium.com/google-security-43ab82156840

Okta and IDP:
  Stories related to Okta by Teri Radichel
  https://readmedium.com/okta-47e01f3fc94

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab
Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation
Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
Cloud Security
Cloud Architecture
Cybersecurity
Security Architecture