AWS a default Security Group with no rules

Question

I have a VPC in AWS which has a public subnet and two private subnets and I'm securing the resources with Security Group, not with the Network ACLs.

The default Security group was created with the VPC which allows all outbound traffic and only allows inbound traffic from other subnets within the VPC. I guess my default security group should allow no traffic inbound or outbound. In case I forget to explicitly choose the security group when I launch an instance the server is isolated from other resources.

Answer 1

As per your configuration, put your load balancer in the public subnet(public-facing) and put your web server in a private subnet which will keep them secure.

So in this case, in the future, if you launch instances in the private subnet, it is more secure than launching those instances in public subnets. Also, you can spread your web server across multiple availability zones or you can use Auto Scaling for this purpose which will distribute instances evenly across multiple availability zones and help to meet the demand while minimizing the costs.

Interested in learning AWS? Check out: AWS Certification