Benchmark: BP02 Control traffic at all layers


When architecting your network topology, you should examine the connectivity requirements of each component. For example, if a component requires internet accessibility (inbound and outbound), connectivity to VPCs, edge services, and external data centers. A VPC allows you to define your network topology that spans an AWS Region with a private IPv4 address range that you set, or an IPv6 address range AWS selects. You should apply multiple controls with a defense in depth approach for both inbound and outbound traffic, including the use of security groups (stateful inspection firewall), Network ACLs, subnets, and route tables. Within a VPC, you can create subnets in an Availability Zone. Each subnet can have an associated route table that defines routing rules for managing the paths that traffic takes within the subnet. You can define an internet routable subnet by having a route that goes to an internet or NAT gateway attached to the VPC, or through another VPC.


Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select BP02 Control traffic at all layers.

Run this benchmark in your terminal:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec05_bp02

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec05_bp02 --share