Security groups

Traffic between the instances is governed by the ingress (inbound) and egress (outbound) rules defined in the security groups. The source of an inbound rule (or the destination of an outbound rule) can be either a CIDR block or the ID of another security group; a rule that names a security group matches any instance that has that group attached, which is why the groups below reference each other instead of hard-coding instance addresses. Security groups are also stateful: a reply to a connection permitted by an inbound rule is allowed out regardless of the outbound rules, and vice versa. Listed here are the recommended security groups and their inbound and outbound rules. Please refer to Chapter 2, How Are Cloud Applications Different?, for how to create security groups.

ELB Security Group Recommended Rules: Apply this security group to the ELB.

  • Inbound:

    Source       Protocol   Port range   Comments
    0.0.0.0/0    TCP        8080         Accept HTTP traffic from anywhere.
    0.0.0.0/0    TCP        8443         Accept HTTPS traffic from anywhere.

  • Outbound:

    Destination                Protocol   Port range   Comments
    ID of Web security group   TCP        8080         Route HTTP traffic to instances that have the Web security group assigned.
    ID of Web security group   TCP        8443         Route HTTPS traffic to instances that have the Web security group assigned.

Recommended Rules for the Web Security Group: Apply this security group to the EC2 instances running on the public network in both Availability Zones. This security group is for the web servers.

  • Inbound:

    Source                         Protocol   Port range   Comments
    ID of ELB security group       TCP        8080         Accept HTTP traffic from the load balancer.
    ID of ELB security group       TCP        8443         Accept HTTPS traffic from the load balancer.
    ID of Bastion security group   TCP        22           Accept SSH traffic from the bastion hosts.

  • Outbound:

    Destination                     Protocol   Port range   Comments
    ID of Database security group   TCP        3306         Allow MySQL access to the database servers that have the Database security group assigned.

    With only this outbound rule the web servers cannot initiate connections to anything else (package repositories, for instance); responses to the requests accepted from the load balancer are still returned, because security groups are stateful. Add further outbound rules only for what the application actually needs.

Recommended Rules for the Bastion Security Group: Apply this security group to the EC2 instances running on the bastion network.

  • Inbound:

    Source   Protocol   Port range   Comments
    MyIP     TCP        22           Accept SSH connections from your fixed static IP address only, so the bastion server can be reached from that address alone.

    If you do not have a static IP, you can change the source to 0.0.0.0/0, but that exposes SSH on the bastion to the whole internet. Prefer updating the rule with your current address (or the narrowest range your provider gives you) whenever it changes, and keep password authentication disabled on the bastion in either case.

  • Outbound:

    Destination                     Protocol   Port range   Comments
    ID of Database security group   TCP        3306         Allow MySQL access to the database servers, to administer the MySQL database.
    ID of Web security group        TCP        22           Allow SSH access to the web server instances on the public network, for administration.

Recommended Rules for the Database Security Group: Apply this security group to the EC2 instances running on the private network in both Availability Zones. This security group is for the database servers:

  • Inbound:

    Source                         Protocol   Port range   Comments
    ID of Web security group       TCP        3306         Accept MySQL connections from the web application running on the public network.
    ID of Bastion security group   TCP        3306         Accept MySQL connections from the bastion hosts, to administer the MySQL database.

  • Outbound:

    Destination   Protocol   Port range   Comments
    None          None       None         Delete all outbound rules.

    A new security group is created with a default rule that allows all outbound traffic to 0.0.0.0/0; remove it. The database servers can then initiate no connections at all, which is what you want on the private network, while replies to the MySQL connections accepted above are still returned because security groups are stateful.
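The four rule sets above, expressed as data in the shape `aws ec2 describe-security-groups` returns and run through a small audit that checks the properties the tables depend on: only the ELB accepts traffic from the world, and only on its two listener ports; every rule that names a security group names one that exists; the Database group has no outbound rules and accepts only MySQL from the Web and Bastion groups. This is an added example, not code from the book or from AWS. The group IDs (sg-0elb and so on), the 203.0.113.10/32 placeholder standing in for MyIP, and the sample rule sets are constructed for the example; the `weakened()` variant reproduces the two mistakes the tables warn about, the 0.0.0.0/0 SSH fallback on the bastion and the default allow-all outbound rule left on the database group.

```python
"""Audit EC2 security groups against the ELB / Web / Bastion / Database layout.
Added example, not code from the book: groups are modelled in the shape returned by
`aws ec2 describe-security-groups` and constructed inline so the check runs offline.
Group IDs such as sg-0elb are made-up placeholders."""
import copy

WORLD = {"0.0.0.0/0", "::/0"}
ROLES = {"elb": "sg-0elb", "web": "sg-0web", "bastion": "sg-0bastion", "db": "sg-0db"}


def tcp(port, cidr=None, group=None):
    """One TCP permission entry in describe-security-groups shape."""
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": []}
    if cidr:
        perm["IpRanges"].append({"CidrIp": cidr})
    if group:
        perm["UserIdGroupPairs"].append({"GroupId": group})
    return perm


# The default egress rule every new security group is created with.
ALLOW_ALL_EGRESS = {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                    "Ipv6Ranges": [], "UserIdGroupPairs": []}

# Constructed sample matching the four tables; 203.0.113.10/32 stands in for "MyIP".
RECOMMENDED = {
    "sg-0elb": {
        "IpPermissions": [tcp(8080, cidr="0.0.0.0/0"), tcp(8443, cidr="0.0.0.0/0")],
        "IpPermissionsEgress": [tcp(8080, group="sg-0web"), tcp(8443, group="sg-0web")]},
    "sg-0web": {
        "IpPermissions": [tcp(8080, group="sg-0elb"), tcp(8443, group="sg-0elb"),
                          tcp(22, group="sg-0bastion")],
        "IpPermissionsEgress": [tcp(3306, group="sg-0db")]},
    "sg-0bastion": {
        "IpPermissions": [tcp(22, cidr="203.0.113.10/32")],
        "IpPermissionsEgress": [tcp(3306, group="sg-0db"), tcp(22, group="sg-0web")]},
    "sg-0db": {
        "IpPermissions": [tcp(3306, group="sg-0web"), tcp(3306, group="sg-0bastion")],
        "IpPermissionsEgress": []},
}


def weakened():
    """Same layout with two common mistakes: the 'no static IP' fallback on the
    bastion, and the default egress rule left on the database group."""
    groups = copy.deepcopy(RECOMMENDED)
    groups["sg-0bastion"]["IpPermissions"] = [tcp(22, cidr="0.0.0.0/0")]
    groups["sg-0db"]["IpPermissionsEgress"] = [ALLOW_ALL_EGRESS]
    return groups


def _describe(perm):
    if perm["IpProtocol"] == "-1":
        return "all traffic"
    ports = (str(perm["FromPort"]) if perm["FromPort"] == perm["ToPort"]
             else f'{perm["FromPort"]}-{perm["ToPort"]}')
    return f'{perm["IpProtocol"]}/{ports}'


def _is_world(perm):
    return (any(r["CidrIp"] in WORLD for r in perm.get("IpRanges", []))
            or any(r["CidrIpv6"] in WORLD for r in perm.get("Ipv6Ranges", [])))


def audit(groups, roles):
    """Return sorted findings; an empty list means the layout matches the tables."""
    findings = []
    role_of = {gid: role for role, gid in roles.items()}
    for gid, sg in groups.items():
        role = role_of.get(gid, gid)
        for key, direction in (("IpPermissions", "ingress"), ("IpPermissionsEgress", "egress")):
            for perm in sg[key]:
                what = _describe(perm)
                # Only the internet-facing ELB may accept from the world, and only on
                # its two listener ports; anything else open to 0.0.0.0/0 is a finding.
                if _is_world(perm):
                    listener = (role == "elb" and direction == "ingress"
                                and perm["IpProtocol"] == "tcp"
                                and perm["FromPort"] == perm["ToPort"]
                                and perm["FromPort"] in (8080, 8443))
                    if not listener:
                        findings.append(f"{role}: {direction} {what} is open to the world")
                # A rule naming a group that does not exist silently matches nothing.
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair["GroupId"] not in groups:
                        findings.append(f"{role}: {direction} {what} references unknown group {pair['GroupId']}")
    # Database tier: no outbound rules at all, inbound only MySQL from web and bastion.
    db = groups[roles["db"]]
    if db["IpPermissionsEgress"]:
        findings.append("db: outbound rules present; the table says delete them all")
    allowed = {roles["web"], roles["bastion"]}
    for perm in db["IpPermissions"]:
        sources = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
        if (perm["IpProtocol"] != "tcp" or (perm["FromPort"], perm["ToPort"]) != (3306, 3306)
                or perm.get("IpRanges") or not sources <= allowed):
            findings.append(f"db: ingress {_describe(perm)} is not MySQL from web/bastion only")
    return sorted(findings)
```

To run it against a real account, load the JSON from `aws ec2 describe-security-groups`, key the `SecurityGroups` list by `GroupId`, and pass that dictionary to `audit()` together with a role map for your four group IDs; `audit(RECOMMENDED, ROLES)` returns no findings, while `audit(weakened(), ROLES)` reports the world-open SSH rule on the bastion and the leftover allow-all egress on the database group.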
