Preventing incoming (RDP) access from AWS VPC

338 views Asked by At

I want to secure outgoing RDP connections from my AWS machines. When connecting from our company network to a machine running in a VPC via RDP all my company network drives (available on the machine within my company network) are mapped to the EC2 machine in the VPC. If I understand this correctly this means you can access files on our company servers coming from AWS. As the machines we use in AWS are self-administered this is a security problem.

I hope my problem is clear…

How could I prevent this access coming from the AWS network?

2

There are 2 answers

2
John Wheal On

Firstly, I would recommend that you use the correct tool for the job rather than a DIY solution. If I understand your problem correctly then AWS Storage Gateway is specifically designed for what you are trying to achieve.

Regarding blocking RDP access, you could simply add a firewall policy to the Security Group corresponding to the EC2 instances to block port 3389. You can also specify IP addresses/blocks of addresses to allow.

0
AudioBubble On

Network ACLs is what you want to configure to block specific outbound traffic from your VPC. They are stateless (separate rules for inbound/outbound) and apply to subnets within your VPC. Check out the following link for more detailed info:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html