2.5.7 Security & Networking

1. VPC (Virtual Private Cloud)

• Configure subnets: public (for ALB) and private (for ECS tasks, RDS, Redis).

2. Security Groups

• ALB SG: Allows inbound HTTP/HTTPS from the internet; the ALB forwards requests to ECS tasks.

• ECS task SG: Allows inbound traffic from the ALB SG, outbound to RDS/Redis.

• RDS SG: Allows inbound only from ECS task SG, locked to port 5432 (PostgreSQL).
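
The three-tier rule set above can be checked automatically. The following Python script is an added example, not part of the original page or of any AWS tooling: it takes security-group ingress rules in the shape of the `IpPermissions` field that EC2 `describe_security_groups` returns (the sample rules and the `sg-...-PLACEHOLDER` group IDs are constructed, and the ECS task port 8080 is an assumption) and reports any rule that does not match the intended layout: ALB open only on 80/443, ECS tasks reachable only from the ALB SG, RDS reachable only from the ECS task SG on 5432.

```python
"""Check that security-group ingress rules match the tiered layout:
ALB <- internet on 80/443, ECS tasks <- ALB SG only, RDS <- ECS SG only on 5432.

Sample data is constructed in the shape of EC2 describe_security_groups
output; the group IDs are placeholders, not real resources.
"""
import copy
from typing import Dict, List, Tuple

# Constructed sample (placeholder IDs); port 8080 for ECS tasks is an assumption.
ALB_SG, ECS_SG, RDS_SG = "sg-alb-PLACEHOLDER", "sg-ecs-PLACEHOLDER", "sg-rds-PLACEHOLDER"
ECS_TASK_PORT = 8080

SECURITY_GROUPS: Dict[str, List[dict]] = {
    ALB_SG: [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
    ECS_SG: [
        {"IpProtocol": "tcp", "FromPort": ECS_TASK_PORT, "ToPort": ECS_TASK_PORT,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    ],
    RDS_SG: [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ECS_SG}]},
    ],
}


def ingress_sources(rules: List[dict]) -> List[Tuple[str, int, int]]:
    """Flatten ingress rules into (source, from_port, to_port) tuples.

    Source is either a CIDR or a referenced security-group ID. Protocol "-1"
    (all traffic) carries no ports, so it is treated as the full range.
    """
    out = []
    for rule in rules:
        lo = rule.get("FromPort", 0)
        hi = rule.get("ToPort", 65535)
        for ip in rule.get("IpRanges", []):
            out.append((ip["CidrIp"], lo, hi))
        for pair in rule.get("UserIdGroupPairs", []):
            out.append((pair["GroupId"], lo, hi))
    return out


def check_tiers(sgs: Dict[str, List[dict]], alb_sg: str, ecs_sg: str,
                rds_sg: str, ecs_port: int, db_port: int = 5432) -> List[str]:
    """Return a list of findings; an empty list means the layout matches."""
    findings = []

    # ALB tier: internet-facing, but only on single-port rules for 80 and 443.
    for src, lo, hi in ingress_sources(sgs[alb_sg]):
        if not (lo == hi and lo in (80, 443)):
            findings.append(f"{alb_sg}: unexpected ingress {src} {lo}-{hi}")

    # ECS tier: the only permitted source is the ALB SG, on the task port.
    for src, lo, hi in ingress_sources(sgs[ecs_sg]):
        if src != alb_sg or (lo, hi) != (ecs_port, ecs_port):
            findings.append(f"{ecs_sg}: expected ALB SG on {ecs_port}, got {src} {lo}-{hi}")

    # RDS tier: the only permitted source is the ECS SG, on the database port.
    # Any CIDR source here (e.g. 0.0.0.0/0) is flagged because it is not ecs_sg.
    for src, lo, hi in ingress_sources(sgs[rds_sg]):
        if src != ecs_sg or (lo, hi) != (db_port, db_port):
            findings.append(f"{rds_sg}: expected ECS SG on {db_port}, got {src} {lo}-{hi}")

    return findings


def check_sample() -> List[str]:
    """Run the check on the intended layout; expected to return no findings."""
    return check_tiers(SECURITY_GROUPS, ALB_SG, ECS_SG, RDS_SG, ECS_TASK_PORT)


def check_misconfigured() -> List[str]:
    """Run the check on a copy where RDS was opened to the internet on 5432."""
    bad = copy.deepcopy(SECURITY_GROUPS)
    bad[RDS_SG].append({"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []})
    return check_tiers(bad, ALB_SG, ECS_SG, RDS_SG, ECS_TASK_PORT)


if __name__ == "__main__":
    print("intended layout findings:", check_sample())
    print("misconfigured findings:", check_misconfigured())
```

In practice the `SECURITY_GROUPS` dict would be replaced by the `IpPermissions` lists pulled from the real groups, and the check run in CI or as a periodic audit so that a rule added by hand (a database opened to `0.0.0.0/0` for "quick debugging") is caught rather than silently persisting.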

3. AWS WAF

• Web Application Firewall to filter malicious requests (SQL injection, cross-site scripting).

4. AWS Shield

• Protects against DDoS attacks (standard or advanced, depending on your risk profile).
