Understanding AWS Security Group with Example

By now we have some theoretical understanding of a security group. As I told you, a security group is nothing but a layer of security that you add to your instance, whether that is an EC2 instance or an RDS instance.

Just remember: in AWS, the layer of security that you bind to your instance is your security group.

We started from our basic figure and created a VPC on 10.0.0.0/16, and inside it we created two subnets: one public subnet and one private subnet.

Now let's move a bit further and introduce some instances; these could be EC2 instances or RDS instances. Let's say you've introduced an EC2 instance in the public subnet that is running an Apache web server.

To protect this EC2 instance we need some security on top of it, which is the security group. The lock in the figure depicts a security group, and we will call this one websrv-sg.

In the later demos I'll show you how we actually create this security group for the web server, websrv-sg.

What about the private subnet? In the private subnet we will have an RDS instance: an Oracle 12c database running on Amazon RDS.

Again we need to put a security group on it, and we will call this one dbsrv-sg.

Now, what would be the difference between the two?

The Apache web server is in the public subnet and we want it to be publicly accessible from the Internet, so websrv-sg has to allow that inbound traffic: first, port 22 so that you can connect to the EC2 instance over SSH, and second, port 80 so that HTTP is accessible.

The database is different: it is an RDS instance, so we can't connect to it directly, as access on port 22 is not allowed.
All we have to do is allow traffic from the web server to the Amazon RDS instance. For this we use the dbsrv-sg security group, and all it needs to say is that it allows TCP traffic on port 1521 coming from the web server. I'll show you both of these things in the next demo.
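Here is the same design written out as rule data plus a small evaluator, added as an example and not part of the original post or of the AWS SDK. The rules use the IpPermissions shape that boto3 accepts, the 203.0.113.10 client address is constructed, and the dbsrv-sg rule refers to websrv-sg by name where real AWS uses the group's sg- ID.

```python
import ipaddress

# Inbound rules for the two security groups in this post, in the IpPermissions
# shape that boto3's authorize_security_group_ingress() accepts. Constructed for
# this example: real rules reference the source group by its sg-... GroupId.
SECURITY_GROUPS = {
    "websrv-sg": [  # public web server: SSH and HTTP from anywhere
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "dbsrv-sg": [  # private RDS: TCP 1521 only from members of websrv-sg
        {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
         "UserIdGroupPairs": [{"GroupId": "websrv-sg"}]},
    ],
}


def is_allowed(target_sg, protocol, port, src_ip=None, src_sg=None):
    """True if an inbound flow matches any rule of target_sg (allow-list:
    no matching rule means the packet is dropped). src_sg is the security
    group of the connecting instance, which is what a group-sourced rule matches."""
    for rule in SECURITY_GROUPS[target_sg]:
        if rule["IpProtocol"] not in (protocol, "-1"):  # "-1" means all protocols
            continue
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            continue
        if src_ip is not None:
            addr = ipaddress.ip_address(src_ip)
            if any(addr in ipaddress.ip_network(r["CidrIp"])
                   for r in rule.get("IpRanges", [])):
                return True
        if src_sg is not None and any(
                p["GroupId"] == src_sg for p in rule.get("UserIdGroupPairs", [])):
            return True
    return False


if __name__ == "__main__":
    client = "203.0.113.10"  # constructed "Internet client" address
    for sg, port, src in [("websrv-sg", 80, {"src_ip": client}),
                          ("websrv-sg", 22, {"src_ip": client}),
                          ("dbsrv-sg", 1521, {"src_ip": client}),
                          ("dbsrv-sg", 1521, {"src_sg": "websrv-sg"})]:
        verdict = "ALLOW" if is_allowed(sg, "tcp", port, **src) else "DROP"
        print(f"{sg} tcp/{port} from {src} -> {verdict}")
```

Running it shows the Internet client reaching the web server on 80 and 22 but being dropped at the database, while the web server (by membership in websrv-sg) reaches port 1521.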

Happy Learning !!!

DB Alchemist Academy

You may explore our E-Learning Page to get an insight into our highly rated courses on Udemy and enrol in the Complete Course.

  • posted on 10 Apr, 2019 Anuj

    Nice article

  • posted on 10 Apr, 2019 Jon Crawling

    Made a complex thing look too simple !!!