How to configure Amazon Security Groups to achieve multi-tier architecture?

Posted by ks78 on Server Fault See other posts from Server Fault or by ks78
Published on 2011-03-10T15:44:04Z Indexed on 2011/03/10 16:12 UTC
Read the original article Hit count: 281

What is the preferred way to configure Amazon Security Groups to achieve a multi-tier architecture?

Each of my instances has its own Security Group, which I only want to use for rules specific to an instance. I'd like to keep any rules which apply to multiple instances in a separate Security Group, which can then be assigned to instance Security Groups as necessary.

As an example, I've setup a group called "admin", which allows administrative access from my IP. I added the "admin" group as the source to each of my instance security groups. However, I still can't access the instances from my IP without adding the rules directly to the instance's group.

Am I missing something? Although it seems a multi-tier security architecture should be possible, it doesn't seem to be working.

© Server Fault or respective owner

Related posts about networking

Related posts about security