I was working on the review of my small business IT infrastructure today, which includes our servers at Amazon EC2. As I was looking at my "server role" definitions and the corresponding Amazon EC2 Security Groups I saw a new blog post come in from Amazon Web Services. They put together an overview of building three-tier architectures with security groups. I learned a few things while reading which will hopefully help me better set up my infrastructure:

- You can reference other security groups instead of IP addresses when adding entries
- Creating security groups for external users such as vendors or development groups
- Security groups filter traffic both internally and externally.

So this was an eye opener about truly securing your three-tier architecture. I have the web and database server roles, but the application role is a new layer I hadn't considered. I also have other role-based layers for development (Subversion) and content (FTP). I also have mail-specific SMTP and POP security layers. I will be upgrading my Amazon EC2 security structures based upon what I've learned today, and include this in my cloud IT infrastructure review strategy.
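Here is what the three-tier layout looks like when the tiers are chained by group references rather than IP ranges. This is an added CloudFormation example, not code from the post or from the AWS article it mentions; the VPC parameter, the app port (8080), the database port (3306) and the vendor CIDR placeholder are all assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Web -> App -> DB security groups; each tier admits only the tier in front of it
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id          # assumed: the groups live in a VPC
  VendorCidr:
    Type: String
    Default: 203.0.113.0/24          # placeholder (documentation range), replace with the vendor's real range
Resources:
  WebSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier, HTTP/HTTPS from the Internet only
      VpcId: !Ref VpcId
      SecurityGroupIngress:           # external filtering: public CIDR rules
        - {IpProtocol: tcp, FromPort: 80,  ToPort: 80,  CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
  AppSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier, reachable only from instances in WebSG
      VpcId: !Ref VpcId
      SecurityGroupIngress:           # internal filtering: group reference, no IP list to maintain
        - IpProtocol: tcp
          FromPort: 8080              # assumed app port
          ToPort: 8080
          SourceSecurityGroupId: !Ref WebSG
  DbSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: DB tier, reachable only from instances in AppSG
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306              # assumed MySQL port
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppSG   # nothing from WebSG or the Internet can reach the DB directly
  VendorSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Separate group for an external vendor, attached only to the hosts they support
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref VendorCidr     # revoke vendor access by deleting this one group, not by editing every tier
```

Because instances carry the group, a new web or app instance is covered the moment it launches with the right group attached, and the database never needs to know the web tier's addresses.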