Network and Configuration Hardening
Network Hardening
- Virtual Private Cloud (VPC)
By running ESS inside a VPC, you can ensure that all communication within the VPC is securely separated from external traffic.
Public subnets are gated by security groups and should accept traffic only on ports 80 and 443.
To allow components in the private subnets to connect outside of the VPC, use a NAT gateway.
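The following added example (not part of the original documentation) audits security group ingress rules against the 80/443 rule above. It assumes the rules are exported in the JSON shape of AWS EC2's `describe-security-groups` output and that only groups attached to public subnets are passed in; the page does not name a cloud provider, and the group IDs and rules are constructed sample data.

```python
import json

ALLOWED_PORTS = {80, 443}  # the only ingress ports the page allows on public subnets

# Constructed sample, shaped like `aws ec2 describe-security-groups` output (assumed format).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
  ]},
  {"GroupId": "sg-loose-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
  ]}
]}
""")

def rule_violation(perm):
    """Return a reason string if the ingress rule admits more than ports 80/443, else None."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means every protocol and every port
        return "all protocols and ports allowed"
    if proto != "tcp":
        return f"non-TCP protocol {proto}"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return "TCP rule without a port range"
    # A range such as 80-443 looks harmless but opens everything in between.
    extra = [p for p in range(lo, hi + 1) if p not in ALLOWED_PORTS]
    if extra:
        return f"range {lo}-{hi} exposes {len(extra)} port(s) besides 80/443"
    return None

def audit(doc):
    """Return sorted (group_id, source, reason) findings for every offending rule."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            reason = rule_violation(perm)
            if reason:
                sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                for src in sources or ["<non-CIDR source>"]:
                    findings.append((group["GroupId"], src, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```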
Configuration Hardening
Use a Trusted Application Allow List to grant trust to specific applications only.
Use an Identity Provider Allow List to specify trusted Identity Providers.