The Application Security Solution in VPC
Posted time: Dec 16, 2015 11:30 AM
Implementing a firewall policy is basic survival for internet-facing servers. AliCloud provides Security Groups as a mandatory whitelisting firewall to limit the inbound open ports on ECS. You can allow specific ports/protocols for an IP or CIDR. This allows you to create tiers of protection that map to your application tiers. Creating these layered firewall policies makes your applications significantly more secure.
1. A security group acts as a virtual firewall for your instance to control the traffic. Here it allows the web servers to receive incoming 80/443 traffic.
2. For the app server, the SG allows it to receive requests from the web server and also SSH traffic from your network. The app servers can also initiate read and write requests to the DB servers in the private subnet.
3. The DB server is placed in the private subnet, which means all internet traffic is denied. It only accepts certain requests from the app server.
4. The public subnet and private subnet are logical concepts for placing ECS instances. They help the Ops team manage the instances. Generally only the instances in the public subnet have an EIP.
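
The layering described above, as an added example that is not part of the original post: it models each tier's security group as an inbound whitelist, evaluates sample flows against it, and audits the rule set for entries that would break the tiering. The subnet CIDRs, the office network, app port 8080, DB port 3306 and the function names are assumptions made for illustration; the code calls no cloud API.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan and ports (assumptions, not from the post).
WEB_SUBNET = "10.0.1.0/24"      # public subnet, web tier
APP_SUBNET = "10.0.2.0/24"      # app tier
OFFICE_NET = "203.0.113.0/24"   # "your network", allowed to SSH
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    source: str  # CIDR allowed to connect inbound

# Inbound whitelist per tier; app port 8080 and DB port 3306 are assumed.
GROUPS = {
    "web": [Rule("tcp", 80, ANY), Rule("tcp", 443, ANY)],
    "app": [Rule("tcp", 8080, WEB_SUBNET), Rule("tcp", 22, OFFICE_NET)],
    "db": [Rule("tcp", 3306, APP_SUBNET)],
}

def allowed(tier, src_ip, proto, port, groups=GROUPS):
    """Whitelist semantics: traffic is denied unless a rule matches."""
    ip = ipaddress.ip_address(src_ip)
    return any(r.proto == proto and r.port == port
               and ip in ipaddress.ip_network(r.source)
               for r in groups[tier])

def audit(groups):
    """Report rules that break the tiering described in the post."""
    findings = []
    app_net = ipaddress.ip_network(APP_SUBNET)
    for tier, rules in groups.items():
        for r in rules:
            src = ipaddress.ip_network(r.source)
            if tier != "web" and src.prefixlen == 0:
                findings.append(f"{tier}: {r.proto}/{r.port} open to the internet")
            elif tier == "db" and not src.subnet_of(app_net):
                findings.append(f"db: {r.proto}/{r.port} reachable from {r.source}")
    return findings

if __name__ == "__main__":
    print(allowed("web", "198.51.100.7", "tcp", 443))  # internet to web
    print(allowed("db", "10.0.1.15", "tcp", 3306))     # web to DB directly
    print(audit(GROUPS))
```

Running `audit` over an exported rule set before each change is a cheap way to catch a DB or app rule that was widened to `0.0.0.0/0` during troubleshooting and never reverted.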