Security Group EFS1
incoming
--- allow 2049 (NFS) from this SG
outgoing
--- allow any
Security Group RDS1
Security Group EFS1
Security Group APP1 (EB automatic)
incoming
--- allow 80 from ELB1
--- allow 22 (SSH) from
10.0.0.0/8 xor departmental VPN/subnet
outgoing
--- allow any
Security Group RDS1
incoming
--- allow 3306 (MySQL) from this SG
--- allow 3306 (MySQL) from
10.0.0.0/8 or departmental VPN/subnet
--- allow 11211 (memcache) from this SG
--- allow 11211 (memcache) from
10.0.0.0/8 xor departmental VPN/subnet
outgoing
--- allow any
Security Group ELB1 (EB automatic)
incoming
--- allow 80, 443 from 0.0.0.0/0
outgoing
--- allow 80 to 0.0.0.0/0
ElastiCache
cluster/node
Elastic Load Balancer
EC2 instances
users
RDS
EFS volume
Need redirect
HTTP -> HTTPS
at ELB or EC2
80/443 HTTP/S
sysadmins
22 SSH
80 HTTP
2049 NFS
3306 MySQL
11211 memcache