I have a load balancer listening on TCP port 6379 on ELB.
I have a redis sec group that only allows amazon-elb/sg-843f59ed (amazon-elb-sg), and another sec group called frontend_servers.
6379 amazon-elb/sg-xxxxx (amazon-elb-sg)
6379 sg-xxxxxx (frontend_server)
22 0.0.0.0/0
I would like to keep it private and I don't want to use passwords for redis. I also do not want to use VPC. So... how do I secure redis to load balance slaves but yet only my front end servers be allowed to read and write to redis? As of now, I can log into redis from any machine using the ELB. But... so can anyone else. It's disheartening to think that AWS does not allow the ability to secure ELB.
Best Answer
You MUST use a VPC to set up security groups on a LB. Not what you want to hear, but it's the current limitation on AWS/ELB.