If you haven’t seen our part 3 article, catch up first here: The World of AWS | Getting Connected with Internet Gateways
Building on what we’ve achieved so far, I think it’s time we dip our toes into the world of security!
A really simple way to help maintain the security of our servers is to use Security Groups. Security Groups are essentially a firewall that we can build out to allow certain traffic into our servers or out from our servers. They can then be attached to multiple servers to provide the same layer of protection.
Just to clarify, we’re not saying this is the only security we’ll need, but it’s an easy, vital step in protecting our systems.
How it’s going to look…
How I did it…
- It’s relatively easy to create and use security groups. We’ll start by logging into the AWS console if we haven’t already. In the search bar, enter Security Groups and select it from the drop-down
- We’ll hit Create Security Group
- We’ll enter some basic information: a name, a description and the VPC the security group will be used in
- Under Inbound rules, entering them one rule at a time, we can set the type as HTTP/HTTPS, which will complete some of the other fields for us. Select Anywhere in the source field and complete a description of the rule. We can do the same thing again for our HTTPS rule
- Under Outbound rules, choose MYSQL from the type drop-down. Again, select Anywhere IPv4 and add a description
- Once complete, select Create Security Group at the bottom of the page
- That’s it, we now have our security group ready to be attached to our EC2 instances, which we’ll pick up in the next article. Before we move on to that, we first need to follow the same steps again for our Amazon RDS instances
- Select create a new security group and populate the basic information
- In our inbound/outbound rule
- One thing to note here: if we were to use static IP addresses on our web servers, we could use them as the source for our inbound rules, which would help secure the RDS instance further. This is something we may come back to. Also, we’re going to set the same rule for outbound, as this may be required further on when we configure replication
- Select create at the bottom of the page
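To check the result of the steps above, here is an added example (not part of the original walkthrough) that reviews security group rules in the JSON shape returned by `aws ec2 describe-security-groups` and reports any inbound rule open to Anywhere on a port other than HTTP/HTTPS. The group names, IDs and the database group's MySQL-from-Anywhere inbound rule are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Names, IDs and the rds-sg inbound rule are assumptions for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web-example", "GroupName": "web-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-example", "GroupName": "rds-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

PUBLIC_OK = {80, 443}  # ports this walkthrough deliberately opens to Anywhere


def is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0, the console's 'Anywhere' sources."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def open_inbound_findings(data, public_ok=PUBLIC_OK):
    """Return (group, protocol, ports) for Anywhere rules outside public_ok."""
    findings = []
    for group in data["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(is_anywhere(c) for c in cidrs):
                continue  # source is restricted, nothing to report
            if "FromPort" not in perm:  # protocol "-1" means all traffic
                findings.append((group["GroupName"], perm["IpProtocol"], "all"))
                continue
            lo, hi = perm["FromPort"], perm["ToPort"]
            if not all(p in public_ok for p in range(lo, hi + 1)):
                findings.append((group["GroupName"], perm["IpProtocol"], f"{lo}-{hi}"))
    return findings


if __name__ == "__main__":
    for name, proto, ports in open_inbound_findings(SAMPLE):
        print(f"{name}: {proto} {ports} is open to Anywhere")
```

Replacing the Anywhere source on the database rule with the web servers' static addresses, as the note above suggests, clears the finding.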
That’s it for this article but we’re not finished on security. We’ll be delving in and out of the topic as we progress. Next we’ll start thinking about building our instances.