The service depends on your Security Group to enforce read access to the database. It does not depend on the security features of PostgreSQL. We do not want to burden the technical staff with the task of maintaining database users and passwords. We believe it is less burdensome to restrict access to the instance on which the database resides. We need to add a rule for each client IP address block that will have access to the instance and hence the database.

To do this, we'll start by going to the AWS console and, from there, going to EC2.

Click the Security Groups link on the left.

Then click the Create Security Group button.

We need to give our security group a name and a description. In this example we will give it the name logs-for-aws. You may use any name you want, but make note of the name as we'll need it when launching the instance.

Once the name is set we'll move on to the description. We will give the description Logs for AWS, but you may use any description you want.

Once the description is set, if you want to use this in a VPC then set it here.

Now we will add rules to the security group by pressing the Add Rule button.

Click on the Type dropdown.

And we'll open up SSH for this security group.

Next we'll set the source for the rule.

If you know what IP block you should set, you can keep it as Custom IP and enter the value. Otherwise, setting it to My IP is recommended so that your IP address can connect to this security group. However, for this example we will go with Anywhere, which allows anybody to connect to instances in this security group.

Once that's done, click on Add Rule.

Click on the Type dropdown for the new rule.

This time we'll pick HTTP.

This will default the source to Anywhere. We want this to be the same as the SSH rule, so if you didn't use Anywhere, change it to your appropriate source.

You may well want to add another rule to allow direct access to the PostgreSQL database. However, it is not needed for the service to run.

| Type | Protocol | Port Range | Source |
| --- | --- | --- | --- |
| Custom TCP Rule | TCP | 5432 | Use My IP or appropriate Custom IP |

Add any other rules you may want and when done click on the Create button.

The security group is now set up and ready to go.
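Because the security group is the only control on database access here, it is worth checking the finished rule set for sensitive ports left open to Anywhere. The following is an added example, not part of the original walkthrough: it assumes the group has been exported in the `IpPermissions` shape that the EC2 DescribeSecurityGroups call returns, and the sample group and its `203.0.113.10/32` address are constructed for illustration.

```python
import ipaddress

# Ports from this walkthrough that should not be world-reachable. 5432 matters
# most: the service relies on the security group, not PostgreSQL users/passwords.
SENSITIVE_PORTS = {22: "SSH", 5432: "PostgreSQL"}

def covers_port(perm, port):
    """True if an IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":               # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def open_sources(perm):
    """Return the CIDR blocks in this entry that match every address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit(group):
    """List (port, service, cidr) for sensitive ports reachable from Anywhere."""
    findings = []
    for perm in group.get("IpPermissions", []):
        for port, name in sorted(SENSITIVE_PORTS.items()):
            if covers_port(perm, port):
                findings += [(port, name, c) for c in open_sources(perm)]
    return findings

# Constructed sample: SSH and HTTP from Anywhere as in the example above,
# PostgreSQL restricted to a single (documentation-range) address.
SAMPLE_GROUP = {
    "GroupName": "logs-for-aws",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ],
}

if __name__ == "__main__":
    for port, name, cidr in audit(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupName']}: {name} ({port}/tcp) open to {cidr}")
```

HTTP is deliberately left out of `SENSITIVE_PORTS`; add port 80 if the web interface should also be limited to client IP blocks.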
