Nat – Source CIDR/IP/Security group setup in Security Groups Inbound Rules

Tags: amazon-nat-gateway, amazon-web-services, nat, security-groups

I want to set up a security group for an EC2 instance (Linux). There are services running on it like memcached, python, dhclient, nodejs etc. How do I know which IP/CIDR block my server should be listening to on a particular port?
E.g. if mysqld is running on port 3306, what should the source CIDR/IP/SG be, and how do I find it out? (inbound rules)

P.S. It is a VPC with various web servers, database servers, CMS, Solr etc. I need to set up security groups for each of these. Specifically, I need to know what instance is talking to what other machines in the VPC. Presently the security group setup is open for all. I need to secure it.

Best Answer

Consider that if you are running mysqld on the database server, you simply need to open port 3306 in the database server's security group to the web server's security group. So all the web servers will have access to the database servers.
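The rule described in the answer, written out with the AWS CLI as an added example (not part of the original answer). The security group IDs are constructed placeholders; the script defaults to a dry run that only prints the command, so it runs offline.

```shell
#!/bin/sh
# Added example: allow the web tier's security group (not a CIDR) to reach
# MySQL on the database tier. Both group IDs are constructed placeholders.
DB_SG="sg-0123456789abcdef0"    # placeholder: database servers' security group
WEB_SG="sg-0fedcba9876543210"   # placeholder: web servers' security group
DRY_RUN="${DRY_RUN:-1}"         # set DRY_RUN="" to actually call the AWS CLI

# Build the --ip-permissions JSON for one TCP port whose source is a
# security group (UserIdGroupPairs) instead of an IP range (IpRanges).
sg_ingress_json() {
  port="$1"; source_sg="$2"
  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"UserIdGroupPairs":[{"GroupId":"%s"}]}]' \
    "$port" "$port" "$source_sg"
}

# Guard: the source must be a security group ID, never a CIDR such as 0.0.0.0/0.
is_sg_id() {
  case "$1" in
    sg-[0-9a-f]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Authorize inbound traffic on $port into $target_sg from members of $source_sg.
authorize_port_from_sg() {
  port="$1"; target_sg="$2"; source_sg="$3"
  is_sg_id "$source_sg" || { echo "refusing non-SG source: $source_sg" >&2; return 1; }
  perms=$(sg_ingress_json "$port" "$source_sg")
  if [ -n "$DRY_RUN" ]; then
    echo "aws ec2 authorize-security-group-ingress --group-id $target_sg --ip-permissions '$perms'"
  else
    aws ec2 authorize-security-group-ingress --group-id "$target_sg" --ip-permissions "$perms"
  fi
}

# Database SG: port 3306 open only to instances that carry the web SG.
authorize_port_from_sg 3306 "$DB_SG" "$WEB_SG"
```

Because the source is a group rather than an address, new web servers launched into the web SG gain database access without any rule change, and the database SG never needs a CIDR wide enough to cover the whole VPC.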