I was working on the review of my small business IT infrastructure today, which includes our servers at Amazon EC2. As I was looking at my “server role” definitions and the corresponding Amazon EC2 Security Groups I saw a new blog post come in from Amazon Web Services.
They put together an overview of building three-tier architectures with security groups. I learned a few things while reading which will hopefully help me better set up my infrastructure:
- You can reference other security groups instead of IP addresses when adding entries
- Creating security for external users such as vendors or development groups
- Security groups filter traffic internally and externally.
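As an added example (not code from the post or from the AWS article), here is what the first bullet looks like in practice: the three tiers expressed as boto3-style `IpPermissions` entries that reference security group IDs rather than IP ranges, plus a small check that the web -> app -> db trust chain actually holds. The group IDs and the ports 8080 and 3306 are constructed placeholders.

```python
"""Three-tier security groups that reference each other instead of IP ranges.

Added example, not code from the original post. The group IDs are constructed
placeholders; each dict uses the IpPermissions shape that
boto3's ec2.authorize_security_group_ingress() accepts.
"""
WEB_SG, APP_SG, DB_SG = "sg-web0000", "sg-app0000", "sg-db00000"  # constructed IDs

def sg_rule(port, source_sg):
    """Allow TCP `port` only from instances in `source_sg` (no CIDR involved)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": source_sg}]}

def cidr_rule(port, cidr):
    """Allow TCP `port` from an IP range; used only on the internet-facing tier."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

# Ingress rules per tier: web is public, app trusts only web, db trusts only app.
# Ports 8080 (app) and 3306 (db) are assumed values for the example.
THREE_TIER = {
    WEB_SG: [cidr_rule(80, "0.0.0.0/0"), cidr_rule(443, "0.0.0.0/0")],
    APP_SG: [sg_rule(8080, WEB_SG)],
    DB_SG:  [sg_rule(3306, APP_SG)],
}

def audit_three_tier(groups, web=WEB_SG, app=APP_SG, db=DB_SG):
    """Return a list of findings; an empty list means the chain web -> app -> db holds."""
    findings = []
    allowed_source = {app: {web}, db: {app}}  # the only group each internal tier may trust
    for sg_id, rules in groups.items():
        if sg_id not in allowed_source:
            continue  # the web tier is expected to be reachable from the internet
        for rule in rules:
            for rng in rule.get("IpRanges", []):
                findings.append(f"{sg_id}: CIDR {rng['CidrIp']} on internal tier")
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed_source[sg_id]:
                    findings.append(f"{sg_id}: unexpected source {pair['GroupId']}")
    return findings

if __name__ == "__main__":
    print(audit_three_tier(THREE_TIER))  # a correct chain produces no findings
    leaky = {**THREE_TIER, DB_SG: [cidr_rule(3306, "0.0.0.0/0")]}
    print(audit_three_tier(leaky))  # the database opened to the world is flagged
```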
So this was an eye opener about truly securing your three-tier architecture. I have the web and database server roles, but the application role is a new layer I hadn’t considered.
I also have other role-based layers for development (Subversion) and content (FTP), as well as mail-specific SMTP and POP security layers.