Hey folks! I've been thinking about how to best manage security groups in AWS. Right now, we're using a few shared security groups across different instances, which introduces some risks. For instance, when we open a port in one security group, it affects all instances that use that group. Plus, if one of the rules in a security group allows access from another security group, it can lead to unintended access for all instances linked to that group. I'm curious about how teams are structuring their security groups to avoid these issues. What strategies do you use to keep them organized and secure?
5 Answers
It's all about the functionality for us. We stick to having a dedicated security group for each service or function. Although sometimes we combine a couple of generic ones for management tasks, every primary service has its specific group. This keeps things organized and secure!
We manage our security groups using Terraform and typically avoid sharing them. Each service has its dedicated security group for better control.
I follow a principle of one role, one security group. Sometimes we have a generic one that allows SSH, ICMP, and Prometheus polling, but overall, each group is tied to a specific role.
Our strategy is to create security groups based on roles or functions—like one for LDAP servers, another for FTP servers, and so on. This way, we can tailor the rules based on each service’s needs without causing conflicts.
Yeah, exactly! We only share security groups for EC2 instances that perform the same role, like clustered systems. We automate the creation of security groups with tools like CloudFormation, and we even manage our Lambda security groups to prevent IP sprawl like we used to have. Now we use a standard LambdaEgress security group for all Lambdas in a VPC, keeping it tidy and efficient.
Sounds like a solid plan! We ended up with so many Lambda-specific security groups that it became unmanageable. The standardization really helps!

Couldn’t agree more! Having specific security groups really avoids the chaos of mixing roles in one group.
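The "one role, one security group" layout that several answers above describe, expressed in Terraform as an added example (this is not any poster's code). It assumes a hypothetical `var.vpc_id` and `var.admin_cidr`, a generic management group, separate app and database role groups, and the standard egress-only group for Lambdas. The database rule references the app group rather than a CIDR, and the comments call out why that only stays safe when the referenced group is role-scoped, which is the risk the original question raises.

```hcl
# Added example, not from the thread: one security group per role,
# linked by security-group references instead of CIDR ranges.
# Assumed (hypothetical) inputs:
variable "vpc_id"     { type = string }
variable "admin_cidr" { type = string } # e.g. the corporate VPN range

# Generic management group: SSH only, from the admin range only.
resource "aws_security_group" "mgmt" {
  name        = "mgmt"
  description = "Management access (SSH) from the admin range"
  vpc_id      = var.vpc_id
  tags        = { Role = "mgmt" }
}

resource "aws_vpc_security_group_ingress_rule" "mgmt_ssh" {
  security_group_id = aws_security_group.mgmt.id
  cidr_ipv4         = var.admin_cidr
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

# Role groups: the app tier and the database tier each get their own group,
# so a rule change for one role cannot widen access to the other.
resource "aws_security_group" "app" {
  name        = "app"
  description = "Application tier"
  vpc_id      = var.vpc_id
  tags        = { Role = "app" }
}

resource "aws_security_group" "db" {
  name        = "db"
  description = "Database tier"
  vpc_id      = var.vpc_id
  tags        = { Role = "db" }
}

# The database accepts 5432 only from members of the app group.
# Because this references a group, every instance attached to "app"
# gets this access: that is exactly why "app" must contain only app
# instances and never double as a shared catch-all group.
resource "aws_vpc_security_group_ingress_rule" "db_from_app" {
  security_group_id            = aws_security_group.db.id
  referenced_security_group_id = aws_security_group.app.id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
}

# Matching egress on the app side, scoped to the database group only.
# (The aws_security_group resource removes the default allow-all egress
# rule, so egress must be declared explicitly.)
resource "aws_vpc_security_group_egress_rule" "app_to_db" {
  security_group_id            = aws_security_group.app.id
  referenced_security_group_id = aws_security_group.db.id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
}

# Standard egress-only group shared by every Lambda in the VPC.
# No ingress rules are attached: Lambdas are never dialled into.
resource "aws_security_group" "lambda_egress" {
  name        = "LambdaEgress"
  description = "Shared egress-only group for VPC Lambdas"
  vpc_id      = var.vpc_id
  tags        = { Role = "lambda-egress" }
}

resource "aws_vpc_security_group_egress_rule" "lambda_all_out" {
  security_group_id = aws_security_group.lambda_egress.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # all protocols; from_port/to_port must be omitted
}
```

Run `terraform plan` against a VPC you own to see the four groups and their rules; a quick review check is that no `referenced_security_group_id` points at a group attached to more than one role, and that `mgmt` is the only group with a CIDR-based ingress rule.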