Create Security groups

In this section, we will create security groups for our Application Load Balancer, Private Subnets (Containers), and Private Database Subnets.

  1. Security groups for Application Load Balancer
  • Choose Security groups on the left side of the screen and choose Create security group
  • Configure our ALB Security group as follows:
    • Security group name: alb-sg-01
    • Description: Internet facing ALB
    • VPC: my-workshop-01
  • Add Inbound rules:
    • Type: HTTP; Source: Anywhere-IPv4
    • Type: SSH; Source: My IP
    • Type: All ICMP - IPv4; Source: Anywhere-IPv4
    • Type: Custom TCP; Port range: 8000; Source: Anywhere
    • Choose Create security group
  2. Security groups for Private Subnets (Containers)
  • Do the same process as above, but configure Security group as follows:
    • Security group name: container-sg-01
    • Description: Private containers
    • VPC: my-workshop-01
  • Add Inbound rules:
    • Type: Custom TCP; Port range: 8000; Source: Anywhere
    • Type: Custom TCP; Port range: 8080; Source: Custom - alb-sg-01
    • Type: Custom TCP; Port range: 8080; Source: Anywhere-IPv4
    • Type: Custom TCP; Port range: 8080; Source: My IP
    • Choose Create security group
  3. Security groups for Private Databases
  • Do the same process as above, but configure Security group as follows:
    • Security group name: container-sg-01
    • Description: Private containers
    • VPC: my-workshop-01
  • Add Inbound rules:
    • Type: MYSQL/Aurora; Source: Custom - alb-sg-01
    • Type: All traffic; Source: Anywhere-IPv4
    • Type: Custom TCP; Port range: 8080; Source: Anywhere-IPv4
    • Choose Create security group

      All traffic is for testing purposes only. In production, you should limit the traffic to the necessary ports only.

  4. Finish creating the security groups.
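
To check the finished groups against the note about limiting traffic in production, the following added example (not part of the workshop) scans rules in the shape returned by `aws ec2 describe-security-groups` and lists inbound rules open to the whole internet. The sample data is constructed from the rules on this page; the group ID, the `203.0.113.10/32` stand-in for My IP, the `db-sg-placeholder` name, reading "Anywhere" as `0.0.0.0/0`, and the policy that only HTTP on the ALB should be public are assumptions.

```python
# Added example: flag world-open inbound rules in data shaped like the
# "SecurityGroups" list of `aws ec2 describe-security-groups` output.
WORLD = {"0.0.0.0/0", "::/0"}

# Assumption: the only rule meant to face the internet is HTTP on the ALB.
ALLOWED_PUBLIC = {("alb-sg-01", "tcp", 80, 80)}

def rule(proto, lo=None, hi=None, cidrs=(), groups=()):
    """Build one IpPermissions entry (helper for the constructed sample)."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if lo is not None:  # "All traffic" (-1) rules carry no port range
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed values: placeholder group ID and a documentation-range "My IP".
ANY, MY_IP, ALB = "0.0.0.0/0", "203.0.113.10/32", "sg-alb-placeholder"
SAMPLE = [
    {"GroupName": "alb-sg-01", "IpPermissions": [
        rule("tcp", 80, 80, [ANY]), rule("tcp", 22, 22, [MY_IP]),
        rule("icmp", -1, -1, [ANY]), rule("tcp", 8000, 8000, [ANY])]},
    {"GroupName": "container-sg-01", "IpPermissions": [
        rule("tcp", 8000, 8000, [ANY]),
        rule("tcp", 8080, 8080, [ANY, MY_IP], [ALB])]},
    {"GroupName": "db-sg-placeholder", "IpPermissions": [
        rule("tcp", 3306, 3306, groups=[ALB]),
        rule("-1", cidrs=[ANY]), rule("tcp", 8080, 8080, [ANY])]},
]

def world_open(groups, allowed=ALLOWED_PUBLIC):
    """Return (group, protocol, from_port, to_port) for each internet-open rule."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            key = (group["GroupName"], perm["IpProtocol"],
                   perm.get("FromPort"), perm.get("ToPort"))
            if cidrs & WORLD and key not in allowed:
                findings.append(key)
    return findings

if __name__ == "__main__":
    for name, proto, lo, hi in world_open(SAMPLE):
        ports = "all ports" if lo in (None, -1) else f"{lo}-{hi}"
        print(f"{name}: {proto} {ports} open to the internet")
```

Rules whose source is another security group or a single address are not reported, so the output is the list of rules to narrow before moving beyond testing.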