05-Security Groups

Module creating 7 Security Groups by role

Stage Module: modules/05-security-groups

Security Groups

| Name | Purpose | Main Ports |
|------|---------|------------|
| milu2stage-VN-trusted-ip-sg | Office / trusted IPs | 22 (SSH) |
| MILU2stage-sg | General app SG (web, api, push) | 80, 443, 8082, 3001 |
| MILU2-stage-node-game-sg | Node game | 9001-9010 |
| MILU2-stage-node-world-sg | Node world | 9011-9020 |
| MILU2-stage-node-chat-sg | Node chat | 9021-9030 |
| MILU2-stage-node-commu-sg | Node commu | 9031-9040 |
| milu2stage-db | Database (MySQL, Mongo, Redis) | 3306, 27017, 6379 |

Trusted IPs

Variable vn_trusted_cidrs defines IPs allowed to SSH:

Warning

Update vn_trusted_cidrs in terraform.tfvars whenever the office network changes.

Rule Pattern

Security Groups are designed following the principle of least privilege:

  • SSH (22) only from trusted IPs
  • DB ports only from VPC CIDR
  • HTTP/HTTPS from ALB
  • Node ports from VPC CIDR
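
One way to check deployed groups against the pattern above, as an added example that is not part of this module. The VPC CIDR, trusted range and ALB group id are placeholder assumptions, the input follows the shape of describe-security-groups output, and the sample group is constructed.

```python
import ipaddress

# Assumptions, not values from the page: substitute the real VPC CIDR,
# the contents of vn_trusted_cidrs and the ALB's security group id.
VPC_CIDR = ["10.0.0.0/16"]
TRUSTED = ["203.0.113.0/24"]
ALB_SG = "sg-0alb0placeholder"
# Port ranges copied from the table on this page (node ranges merged).
SSH, WEB = [(22, 22)], [(80, 80), (443, 443)]
VPC_ONLY = [(3306, 3306), (27017, 27017), (6379, 6379), (9001, 9040)]

def within(cidr, allowed):
    """True if cidr is fully contained in one of the allowed networks."""
    net = ipaddress.ip_network(cidr, strict=False)
    nets = [ipaddress.ip_network(a) for a in allowed]
    return any(net.version == a.version and net.subnet_of(a) for a in nets)

def touches(perm, ranges):
    """True if the rule's port span overlaps any listed range.
    Protocol "-1" rules carry no ports, so they default to all ports."""
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= r_hi and r_lo <= hi for r_lo, r_hi in ranges)

def audit(group):
    """Check one group (describe-security-groups shape) against the pattern."""
    out = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        peers = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
        if touches(perm, SSH):
            out += [f"ssh from untrusted {c}" for c in cidrs if not within(c, TRUSTED)]
        if touches(perm, VPC_ONLY):
            out += [f"db/node port from outside VPC {c}" for c in cidrs if not within(c, VPC_CIDR)]
        if touches(perm, WEB):
            out += [f"web port from CIDR {c}, expected ALB" for c in cidrs]
            out += [f"web port from non-ALB group {g}" for g in peers if g != ALB_SG]
    return out

# Constructed sample, not real output from this environment.
SAMPLE = {"GroupName": "example-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.4.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}
```

Calling audit(SAMPLE) flags the 0.0.0.0/0 SSH source and the all-traffic IPv6 rule while passing the compliant SSH, DB and ALB rules. Each entry of the SecurityGroups list returned by aws ec2 describe-security-groups can be passed to audit() in the same way.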