Aren't EC2 security groups exactly what you want? They block access except for specified ports (and IP addresses).

On Tue, Feb 17, 2009 at 7:02 PM, kenja <[email protected]> wrote:
> Has anyone developed a means to lock down the mysql servers and app
> servers so they will only accept connections from the www server via
> ports 3306, 80, and 443? It seems that the default is for them to be
> wide open to the world, which is not ideal from a security
> standpoint.
>
> We could do it by reserving a block of elastic IPs, but that seems
> silly as you have to have a bunch of unused IPs sitting around at
> $15/mo each. Plus you cap the number of servers you can launch by the
> number of IPs you purchase.
>
> Better would be a startup script that adds all IPs in the farm to the
> firewall allowed list and then some kind of notification mechanism
> when new servers are launched. Does anyone do this?
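
The security-group approach suggested in the reply, written out as an added example that is not part of the original thread. It uses CloudFormation syntax; the resource names and the `VpcId` parameter are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example, tier-to-tier access by security group reference
Parameters:
  VpcId:                      # assumed: the VPC the farm runs in
    Type: AWS::EC2::VPC::Id
Resources:
  WwwSecurityGroup:           # public web tier, reachable from anywhere on 80/443
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: www servers
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
  AppSecurityGroup:           # app tier, 80/443 only from members of the www group
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: app servers
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref WwwSecurityGroup
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref WwwSecurityGroup
  DbSecurityGroup:            # mysql tier, 3306 only from members of the www group
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: mysql servers
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Weak form to avoid ("wide open to the world"):
        #   - { IpProtocol: tcp, FromPort: 3306, ToPort: 3306, CidrIp: 0.0.0.0/0 }
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WwwSecurityGroup
```

Because the app and mysql rules name the source group rather than addresses, a server launched into the www group is allowed without editing any rule or reserving elastic IPs.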
