Introduction
Now that we have successfully set up our network environment, we are going to set up all required security groups. Here, we are going to create the following security groups:
- items-rds-sg
- items-server-alb-sg
- items-server-ec2-sg
- items-server-ecs-service-sg
Items RDS Security Group
This security group will be used by the items RDS PostgreSQL database to allow inbound connections (Postgres port 5432) to the RDS database.
- Click on Create security group
- Provide the security group name items-rds-sg and a description of your choice, then select items-database-vpc.
- For the inbound rule, select PostgreSQL and provide a CIDR range of 10.0.0.0/8.
- Leave the default outbound rule and click on Create security group to create it.
- Confirm security group has been created successfully.
Items Server Application Load Balancer Security group
This security group will be used by the items application load balancer to allow inbound HTTP and HTTPS traffic to the ECS server.
- Click on Create security group
- Provide the name items-server-alb-sg and a description of your choice, and select items-server-vpc.
- Add two inbound rules (HTTP and HTTPS) with source 0.0.0.0/0 to allow traffic from anywhere.
- Click on Create security group.
- Confirm the security group has been created.
Items Server EC2 Security group
This security group will be used by the EC2 instances that are part of the ECS cluster to allow all inbound traffic to the EC2 instances.
- Click on Create security group
- Provide the security group name items-server-ec2-sg and a description, and select items-server-vpc.
- For the inbound rule, select All traffic with source 10.0.0.0/8.
- Click on Create security group
- Confirm items-server-ec2-sg has been created successfully.
Items Server ECS Service Security group
This security group will be used by the ECS service to allow all inbound traffic to the ECS service.
- Click on Create security group
- Provide the security group name items-server-ecs-service-sg and a description, and select items-server-vpc.
- Allow all inbound traffic from 10.0.0.0/8.
- Click on Create security group.
- Confirm the security group has been created.
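A check of the inbound rules created above, as an added example that is not part of the original tutorial: the four groups are written out in the IpPermissions shape returned by `aws ec2 describe-security-groups` (constructed sample data), and `review` flags all-traffic rules, internet-facing ports other than the ALB's, and source ranges wider than the /16 maximum of a single VPC. `PUBLIC_PORTS`, `MIN_PREFIX`, `review` and `review_all` are names chosen for this example.

```python
import ipaddress

# Constructed sample: the four groups from this page, written in the
# IpPermissions shape that `aws ec2 describe-security-groups` returns.
GROUPS = {
    "items-rds-sg": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
    "items-server-alb-sg": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "items-server-ec2-sg": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
    "items-server-ecs-service-sg": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
}

PUBLIC_PORTS = {80, 443}  # assumption: only the ALB listeners face the internet
MIN_PREFIX = 16           # an AWS VPC IPv4 block is /16 at its largest


def review(permissions):
    """Return a list of findings for one group's inbound rules."""
    findings = []
    for perm in permissions:
        all_traffic = perm["IpProtocol"] == "-1"  # "-1" means every protocol and port
        ports = None if all_traffic else (perm["FromPort"], perm["ToPort"])
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if all_traffic:
                findings.append(f"all protocols and ports open to {net}")
            elif net.prefixlen == 0 and not set(range(ports[0], ports[1] + 1)) <= PUBLIC_PORTS:
                findings.append(f"ports {ports[0]}-{ports[1]} open to the internet")
            if 0 < net.prefixlen < MIN_PREFIX:
                findings.append(f"{net} is wider than any single VPC")
    return findings


def review_all(groups=GROUPS):
    """Map each group name to its list of findings."""
    return {name: review(perms) for name, perms in groups.items()}


if __name__ == "__main__":
    for name, findings in review_all().items():
        print(name, "->", findings or "ok")
```

A flagged rule is usually narrowed by using the VPC's own CIDR as the source or, where both sides share a VPC, the upstream security group (for example the ALB group as the source for the ECS service group).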
Now that we have successfully created all required security groups, let's continue by creating our launch template, which will be used to spin up EC2 instances for our ECS cluster using an Auto Scaling group.