Part 2: Serverless WordPress – Security Groups

Create all security groups to restrict inbound and outbound traffic for the services involved. Because the groups reference each other by ID (for example, the DB group allows traffic from the Fargate group), create all of the groups first and then add the rules.

VPC > Security Groups > Create

For Aurora Serverless DB

Name: wp-stack-db-sg > Edit Inbound rules > Add a rule to allow traffic from ECS to RDS. Also allow access from the bastion host.

 MYSQL/Aurora    TCP 3306    sg-05e94187d53da9a15 (wp-stack-fargate)
 MYSQL/Aurora    TCP 3306    sg-09f4cc6b8cb787ca9 (wp-stack-bastion-sg)


For EFS

Name: wp-stack-efs-sg > Select VPC > Inbound > Add a rule for the ECS security group ID and the bastion host.

 NFS    TCP 2049    sg-05e94187d53da9a15 (wp-stack-fargate)
 NFS    TCP 2049    sg-09f4cc6b8cb787ca9 (wp-stack-bastion-sg)

Delete the default outbound (allow-all) rule. EFS only answers NFS requests, and security groups are stateful, so the return traffic for those requests is allowed without an outbound rule.

For the Application Load Balancer

Name: wp-stack-alb-sg > Inbound rules: allow TCP 80 and 443 from Anywhere (0.0.0.0/0). This is the only group that should accept traffic from an IP range; every other group accepts traffic only from another security group.

For ECS Fargate

Name: wp-stack-fargate > Select VPC > Edit Inbound rules > Allow port 80 from the ALB

HTTP    TCP 80  sg-01a31bac46b2a990a (wp-stack-alb-sg)
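The rule sets above, expressed as boto3 `IpPermissions` structures and checked for the least-privilege properties the design relies on. This is an added example, not code from the original post: the ALB, Fargate and bastion group IDs are the ones shown above, while the DB and EFS group IDs are not on the page and appear as labelled placeholders. The `apply` function is the only part that talks to AWS and is not run here; everything else works offline.

```python
"""
Added example (not from the original post): model the four security groups
from the walkthrough as boto3 IpPermissions, lint them for common mistakes
(an internal tier open to a CIDR, a port the design does not call for,
all-traffic rules), and emit the EC2 API calls that would apply them.
"""
from __future__ import annotations

ANYWHERE = "0.0.0.0/0"

# Group IDs as printed in the post, plus two labelled placeholders for the
# groups whose IDs the post does not show.
SG_IDS = {
    "wp-stack-alb-sg": "sg-01a31bac46b2a990a",
    "wp-stack-fargate": "sg-05e94187d53da9a15",
    "wp-stack-bastion-sg": "sg-09f4cc6b8cb787ca9",
    "wp-stack-db-sg": "sg-PLACEHOLDER-db",    # placeholder, not on the page
    "wp-stack-efs-sg": "sg-PLACEHOLDER-efs",  # placeholder, not on the page
}

# Tiers that must only be reachable from other groups, never from an IP range.
INTERNAL_TIERS = {"wp-stack-fargate", "wp-stack-db-sg", "wp-stack-efs-sg"}

# The only inbound ports each group should accept, per the walkthrough.
EXPECTED_PORTS = {
    "wp-stack-alb-sg": {80, 443},
    "wp-stack-fargate": {80},
    "wp-stack-db-sg": {3306},
    "wp-stack-efs-sg": {2049},
}


def allow_from_groups(port: int, *sources: str) -> dict:
    """TCP `port` allowed only from the named security groups (SG-to-SG rule)."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": SG_IDS[s]} for s in sources],
    }


def allow_from_cidr(port: int, cidr: str = ANYWHERE) -> dict:
    """TCP `port` allowed from an IP range; only the public ALB should use this."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr}],
    }


def ingress_rules() -> dict[str, list[dict]]:
    """Inbound rules exactly as the walkthrough describes them."""
    return {
        "wp-stack-alb-sg": [allow_from_cidr(80), allow_from_cidr(443)],
        "wp-stack-fargate": [allow_from_groups(80, "wp-stack-alb-sg")],
        "wp-stack-db-sg": [allow_from_groups(3306, "wp-stack-fargate", "wp-stack-bastion-sg")],
        "wp-stack-efs-sg": [allow_from_groups(2049, "wp-stack-fargate", "wp-stack-bastion-sg")],
    }


def audit(rules: dict[str, list[dict]]) -> list[str]:
    """Return human-readable findings; an empty list means the design holds."""
    findings: list[str] = []
    for group, perms in rules.items():
        for perm in perms:
            if perm["IpProtocol"] == "-1":  # "All traffic" rule: ports are meaningless
                findings.append(f"{group}: all-traffic rule")
                continue
            ports = set(range(perm["FromPort"], perm["ToPort"] + 1))
            unexpected = ports - EXPECTED_PORTS.get(group, set())
            if unexpected:
                findings.append(f"{group}: unexpected port(s) {sorted(unexpected)}")
            if group in INTERNAL_TIERS and perm.get("IpRanges"):
                cidrs = [r["CidrIp"] for r in perm["IpRanges"]]
                findings.append(f"{group}: internal tier open to {cidrs}")
    return findings


def api_calls(rules: dict[str, list[dict]]) -> list[tuple[str, dict]]:
    """EC2 client method names and kwargs that would realise the design.
    Inbound rules are authorized per group; the EFS group additionally has
    its default allow-all outbound rule revoked, as the walkthrough requires."""
    calls = [
        ("authorize_security_group_ingress",
         {"GroupId": SG_IDS[group], "IpPermissions": perms})
        for group, perms in rules.items()
    ]
    calls.append(("revoke_security_group_egress", {
        "GroupId": SG_IDS["wp-stack-efs-sg"],
        "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANYWHERE}]}],
    }))
    return calls


def apply(rules: dict[str, list[dict]], client=None) -> None:
    """Apply the calls with boto3 (assumes configured credentials and real IDs).
    Refuses to run while the audit reports findings."""
    if audit(rules):
        raise ValueError("audit findings present; refusing to apply: " + "; ".join(audit(rules)))
    if client is None:
        import boto3  # imported lazily so the rest of the file runs without it
        client = boto3.client("ec2")
    for method, kwargs in api_calls(rules):
        getattr(client, method)(**kwargs)


if __name__ == "__main__":
    for finding in audit(ingress_rules()) or ["no findings"]:
        print(finding)
```

Running the file as-is prints `no findings`; swapping the DB rule for `allow_from_cidr(3306)` reproduces the most common mistake with this layout (a database reachable from an IP range instead of from the application tier) and the audit reports it before anything is applied.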

