For our requirements, we will create two security groups: one for the EC2 instance and the other for the RDS MySQL instance.
- From the EC2 dashboard, click on the Security Groups link from the navigation pane link and then click on the Create Security Group button:
- Create a security group for EC2 instances to allow the following:
- Web traffic from any IP address on port 8080 (default Tomcat server port)
- SSH traffic for remote login from any IP address.
- ICMP traffic to ping the EC2 instance from public internet.
- Create a security group for MySQL RDS instances to allow access from the internet. In our example, we can configure direct access to the databases from our development environment. This makes it is easy to make frequent changes and monitor the database without logging in to the EC2 instance, or setting up complex SSH tunnels. In addition, there is the added advantage of not having to install a local MySQL server on your development machine. For your real life AWS environments, it is recommended to allow database access only from within VPC.
- Select Anywhere from the Source and 0.0.0.0/0 to allow access from any IP address. If you have a static IP address from your ISP, you can enter it here to allow access to all machines from your static IP address, only. If you have dynamic IP address, then you will need to update this rule to the most recent. The figure here displays the list of security groups and the details of the RDS security group.
