05-Security Groups
This module creates 7 Security Groups, one per role.
Stage Module: modules/05-security-groups
Security Groups
| Name | Purpose | Main Ports |
|---|---|---|
| milu2stage-VN-trusted-ip-sg | Office / trusted IPs | 22 (SSH) |
| MILU2stage-sg | General app SG (web, api, push) | 80, 443, 8082, 3001 |
| MILU2-stage-node-game-sg | Node game | 9001-9010 |
| MILU2-stage-node-world-sg | Node world | 9011-9020 |
| MILU2-stage-node-chat-sg | Node chat | 9021-9030 |
| MILU2-stage-node-commu-sg | Node commu | 9031-9040 |
| milu2stage-db | Database (MySQL, Mongo, Redis) | 3306, 27017, 6379 |
Trusted IPs
The variable vn_trusted_cidrs defines the IPs allowed to SSH:
Warning
Update vn_trusted_cidrs in terraform.tfvars when the office network changes.
Rule Pattern
Security Groups are designed following the principle of least privilege:
- SSH (22) only from trusted IPs
- DB ports only from VPC CIDR
- HTTP/HTTPS from ALB
- Node ports from VPC CIDR
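
The SSH and database rules from the pattern above, written out as an added Terraform example (not the module's own code). The variables vpc_id and vpc_cidr, the resource labels, and the validation block are assumptions; the Security Group names and ports are taken from the table.

```hcl
# Added example, not the module's own code. var.vpc_id, var.vpc_cidr and the
# resource labels are assumptions; SG names and ports come from the table above.
variable "vpc_id" { type = string }
variable "vpc_cidr" { type = string }

variable "vn_trusted_cidrs" {
  type        = list(string)
  description = "Office / trusted CIDRs allowed to SSH"

  validation {
    # Fail the plan on malformed CIDRs or a /0 range that would open SSH to everyone.
    condition = alltrue([
      for c in var.vn_trusted_cidrs : can(cidrhost(c, 0)) && !endswith(c, "/0")
    ])
    error_message = "Each entry must be a valid CIDR and must not be a /0 range."
  }
}

resource "aws_security_group" "trusted_ip" {
  name        = "milu2stage-VN-trusted-ip-sg"
  description = "Office / trusted IPs"
  vpc_id      = var.vpc_id
}

# One SSH rule per trusted CIDR; no other source can reach port 22.
resource "aws_vpc_security_group_ingress_rule" "ssh" {
  for_each          = toset(var.vn_trusted_cidrs)
  security_group_id = aws_security_group.trusted_ip.id
  cidr_ipv4         = each.value
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

resource "aws_security_group" "db" {
  name        = "milu2stage-db"
  description = "Database (MySQL, Mongo, Redis)"
  vpc_id      = var.vpc_id
}

# DB ports are reachable only from inside the VPC.
resource "aws_vpc_security_group_ingress_rule" "db" {
  for_each          = { mysql = 3306, mongo = 27017, redis = 6379 }
  security_group_id = aws_security_group.db.id
  cidr_ipv4         = var.vpc_cidr
  ip_protocol       = "tcp"
  from_port         = each.value
  to_port           = each.value
}
```

With the validation in place, a terraform.tfvars entry such as 0.0.0.0/0 is rejected at plan time instead of silently exposing port 22.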