0 votes
in AWS by (19.1k points)

My understanding of AWS Security Groups is that it is essentially a whitelist.

Everything is blocked unless explicitly allowed.

Let's say hypothetically that I have some EC2 instances set up with autoscaling.

In the context of autoscaling, I won't necessarily know what those future IPs will be.

Say I have a set of EC2 instances that are used for databases like MySQL or MongoDB.

I want to only allow my application servers to be able to access my database servers.

Is there a way to create a tag for an EC2 instance and per the security group, allow any EC2 instance with a certain tag?

How is this usually done in the real world?

1 Answer

0 votes
by (44.3k points)

You can use security groups as classifiers, so use the group's ID for the “source” field.

For instance:

  • Consider having a cluster of web servers that belong to a ‘web’ security group (sg-12345)
  • Consider having a cluster of database servers that belong to a ‘db’ security group (sg-23456)
  • You can allow port 3306 from your “db” security group to sg-12345. Until new instances are created in the ‘web’ security group, they will have access to ‘db’ on port 3306.
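The group-as-source pattern from the answer, written out as an added Terraform example (not code from the original answer). It assumes an existing VPC passed in as var.vpc_id; the group names "web" and "db" follow the answer.

```hcl
# Added example (Terraform, AWS provider), not code from the original answer.
# Assumes an existing VPC passed in as var.vpc_id.
variable "vpc_id" {
  type = string
}

# The "web" group: every application server is launched into it.
resource "aws_security_group" "web" {
  name        = "web"
  description = "Application servers"
  vpc_id      = var.vpc_id
}

# The "db" group: every MySQL server is launched into it.
resource "aws_security_group" "db" {
  name        = "db"
  description = "Database servers"
  vpc_id      = var.vpc_id
}

# Ingress on the db side: allow TCP 3306 only from members of "web".
# The source is a group ID, not a CIDR, so instances that autoscaling
# launches into "web" later are covered without knowing their IPs.
resource "aws_security_group_rule" "db_mysql_from_web" {
  type                     = "ingress"
  security_group_id        = aws_security_group.db.id
  protocol                 = "tcp"
  from_port                = 3306
  to_port                  = 3306
  source_security_group_id = aws_security_group.web.id
}

# Egress on the web side: Terraform strips the AWS default allow-all
# egress rule when it manages a group, so grant only what the tier needs.
# For an egress rule, source_security_group_id names the destination group.
resource "aws_security_group_rule" "web_mysql_to_db" {
  type                     = "egress"
  security_group_id        = aws_security_group.web.id
  protocol                 = "tcp"
  from_port                = 3306
  to_port                  = 3306
  source_security_group_id = aws_security_group.db.id
}
```

Attach aws_security_group.web.id through the autoscaling launch template's vpc_security_group_ids so each new instance is a member of "web" from the moment it starts; a rule with cidr_blocks = ["0.0.0.0/0"] on 3306 would be the weak alternative this pattern avoids.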
