AWS Security Group for RDS - Outbound rules
Question

I have a security group assigned to an RDS instance which allows port 5432 traffic from our EC2 instances.

However, this security group has all outbound traffic enabled for all traffic for all IPs.

Is this a security risk? What should be the ideal outbound security rule? From my perspective, the outbound traffic for the RDS security group should be limited to port 5432 to our EC2 instances, is this right?
Recommended answer

"What should be the ideal outbound security rule? From my perspective, the outbound traffic for the RDS security group should be limited to port 5432 to our EC2 instances, is this right?"

It is a good idea to have clear control over outbound connections as well.

In your RDS group: delete all outbound rules (by default there is a rule that allows outbound connections to all ports and IPs; just delete this "all-anywhere" rule).

Your DB will receive inbound requests on port 5432 from your EC2 instance, and RDS will respond back to your EC2 instance through the very same connection, so no outbound rules need to be defined in this case at all.
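The answer relies on security groups being stateful: a reply to a connection that an inbound rule admitted is allowed out regardless of the egress rules, so an RDS group with no egress rules still serves its clients. The script below is an added example, not part of the answer and not an AWS tool. It audits a security group as returned by `aws ec2 describe-security-groups` for the default "all anywhere" egress rule (0.0.0.0/0, and ::/0 if an IPv6 rule exists), checks that ingress is exactly TCP/5432 from the application tier's security group, and emits the `aws ec2 revoke-security-group-egress` commands that leave the group with no outbound rules. The JSON, group IDs and account ID are constructed for the example. One caveat before running the revocations for real: if the database itself initiates connections (postgres_fdw or dblink to another host, or RDS extensions that call out to other AWS services such as aws_s3), those destinations need explicit egress rules; the plain client-server case in the question does not.

```python
"""Audit an RDS security group's egress and emit the revocations that leave it with
no outbound rules, relying on security-group statefulness for replies (example code)."""
import json
import shlex

# Constructed sample: the shape `aws ec2 describe-security-groups` returns for a
# Postgres RDS security group that still carries the default "all anywhere" egress.
# Group IDs, VPC ID and account ID are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0a1b2c3d4e5f60789",
            "GroupName": "rds-postgres",
            "VpcId": "vpc-0123456789abcdef0",
            "IpPermissions": [
                {
                    "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                    "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {"GroupId": "sg-0fedcba9876543210", "UserId": "123456789012"}
                    ],
                }
            ],
            # The default egress rule: protocol -1 (all), no port fields, IPv4 anywhere.
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                    "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": [],
                }
            ],
        }
    ]
}

APP_SG_ID = "sg-0fedcba9876543210"  # the EC2 instances' security group (made up)
DB_PORT = 5432


def is_open_to_internet(perm):
    """True if the rule reaches 0.0.0.0/0 or ::/0 on any port."""
    v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def open_egress_rules(sg):
    """Egress rules that allow traffic to the whole internet."""
    return [p for p in sg.get("IpPermissionsEgress", []) if is_open_to_internet(p)]


def ingress_is_least_privilege(sg, db_port, app_sg_id):
    """Every inbound rule must be TCP/db_port sourced only from the app tier's SG;
    any CIDR, prefix list or other group is a finding, as is an empty rule set."""
    rules = sg.get("IpPermissions", [])
    if not rules:
        return False
    for p in rules:
        if p.get("IpProtocol") != "tcp" or p.get("FromPort") != db_port or p.get("ToPort") != db_port:
            return False
        if p.get("IpRanges") or p.get("Ipv6Ranges") or p.get("PrefixListIds"):
            return False
        if {g.get("GroupId") for g in p.get("UserIdGroupPairs", [])} != {app_sg_id}:
            return False
    return True


def revoke_egress_commands(sg):
    """One `aws ec2 revoke-security-group-egress` per existing egress rule, so the
    group ends up with no outbound rules at all. Replies to admitted inbound 5432
    connections still flow because security groups are stateful."""
    cmds = []
    for perm in sg.get("IpPermissionsEgress", []):
        # Pass the rule back exactly as described; empty lists are dropped for brevity.
        spec = {k: v for k, v in perm.items() if v not in ([], None)}
        cmds.append(
            "aws ec2 revoke-security-group-egress --group-id %s --ip-permissions %s"
            % (sg["GroupId"], shlex.quote(json.dumps([spec])))
        )
    return cmds


def audit(describe_output, db_port, app_sg_id):
    """Per group: number of internet-open egress rules, ingress verdict, fix commands."""
    findings = {}
    for sg in describe_output["SecurityGroups"]:
        findings[sg["GroupId"]] = {
            "open_egress": len(open_egress_rules(sg)),
            "ingress_ok": ingress_is_least_privilege(sg, db_port, app_sg_id),
            "fix": revoke_egress_commands(sg),
        }
    return findings


if __name__ == "__main__":
    for gid, f in audit(SAMPLE_DESCRIBE_OUTPUT, DB_PORT, APP_SG_ID).items():
        print(gid, "open egress rules:", f["open_egress"], "ingress least-privilege:", f["ingress_ok"])
        for cmd in f["fix"]:
            print("  ", cmd)
```

To use it against a real account, replace SAMPLE_DESCRIBE_OUTPUT with the parsed output of `aws ec2 describe-security-groups --group-ids <rds-sg-id>` and review the printed commands before running them; the revoke calls are emitted rather than executed so the script stays offline and the change is deliberate.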