One of the pillars of the AWS Well-Architected Framework is ‘Security.’ It is essential to ensure that our virtual machines, databases, and applications are always maximally protected. We use different passwords for various applications and databases, and we want to minimize the attack surface of our application as much as possible.
The attack surface refers to points that could become entry points or positions that can be targeted by potential attackers. For each Lightsail virtual machine, we want to close as many ports as possible without disrupting availability to minimize the potential access points for attackers.
We need to understand how to work with our Lightsail virtual machines. To communicate with our virtual machines, we use Entê or Putty SSH through the Terminal or use the SSH console in the browser. We need port 22 open for this. However, after configuring our applications, we should close port 22 to enhance security for our virtual machine. Port 22 can be opened when needed for login and further configuration.
We will start with WordPress.
On the Instance tab, click on Workshop-WordPress.
Click on Networking.
Scroll down to the ‘IPv4 Firewall’ section and click on the ‘Modify’ icon next to ‘SSH.’
Here, you can restrict access to Port 22 in several ways:
Since we no longer need to log in to our instance, we will remove all access to Port 22.
Repeat the above steps.
We will repeat similar steps for PrestaShop and Akaunting.