Yesterday I answered a similar question about Apache Cassandra: Securing Cassandra with TLS / SSL .
My experience was, in particular, with Amazon, if possible, to set up a VPN between your instances to ensure that everything is safe. An interesting fact that we encountered when implementing our VPN over EC2 was that the response time was faster ... We chose Vyatta and have been very pleased so far. It can be fully virtualized ... and allows us to connect between zones, regions and data centers (Amazon, not Amazon).
Another option is to use the Amazon Virtual Private Cloud :
- Create an Amazon virtual private cloud on your scalable AWS infrastructure and specify its range of private IP addresses from any range you select.
- Divide the range of private VPC IP addresses into one or more public or private subnets to facilitate the launch of applications and services on your VPC.
- Control of inbound and outbound access to and from individual subnets using network access control lists.
- Store data in Amazon S3 and set permissions so that data can only be accessed from your Amazon VPC.
- Attach Amazon Elastic IP address to any instance of your VPC so that it can be obtained directly from the Internet.
- Bridge your VPC and your IT infrastructure in place with an encrypted VPN connection, extending existing security and management policies to your VPC instances as if they were running on your infrastructure.
Vyatta has nice graphics showing how VPC and Vyatta (or any other corporate VPN solution) can connect together (as in the last paragraph above):
I do not work for Vyatta ... just as well as we managed to achieve everything that could not do without buying an expensive cisco device
sdolgy
source share