The service depends on your Security Group to enforce read access to the database. It does not depend upon the security features of PostgreSQL. We do not want to burden the technical staff with the task of maintaining database users and passwords. We believe it is less burdensome to restrict access to the instance on which the database resides. We need to add a rule for each client IP address block that will have access to the instance and hence the database.
To do this, we'll start by going to the AWS console and, from there, to EC2.
Open the Security Groups link on the left.
Then click the Create Security Group button.
We need to give our security group a name and a description. In this example we will give it the name logs-for-aws. You may use any name you want, but make note of the name as we'll need it when launching the instance.
Once the name is set we'll move on to the description. We will give the description Logs for AWS, but you may use any description you want.
Once the description is set, if you want to use this in a VPC then set it here.
Now we will add rules to the security group by pressing the Add Rule button.
Click on the
And we'll open up SSH for this security group.
Next we'll set the source for the rule.
If you know what IP block you should set, you can keep it as Custom IP and enter the value. Otherwise setting to My IP is recommended just so your IP address can connect to this security group. However, for this example we will go with Anywhere, which allows anybody to connect to instances in this security group.
Once that's done, click on
Click on the Type dropdown for the new rule.
This time we'll pick
This will default the source to Anywhere. We want this to be the same as the SSH rule, so if you didn't use Anywhere, change it to your appropriate source.
You may well want to add another rule to allow direct access to the PostgreSQL database. However, it is not needed for the service to run.
|Custom TCP Rule||TCP||5432||Use
Add any other rules you may want and when done click on the
The security group is now set up and ready to go.
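Because the service relies on the security group rather than on PostgreSQL users and passwords, it is worth checking the finished group for SSH or PostgreSQL rules whose source is Anywhere. The following is an added example, not part of the original page: it runs over a constructed sample in the shape of `aws ec2 describe-security-groups` output, and the function names, the `sg-EXAMPLE` id and the 203.0.113.0/24 client block are assumptions.

```python
import ipaddress
import json

# Constructed sample (placeholder id and client block), not real account data.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupName": "logs-for-aws", "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]}
""")

SENSITIVE_PORTS = {22: "SSH", 5432: "PostgreSQL"}


def covers(rule, port):
    """True if an ingress rule admits TCP traffic to `port`."""
    if rule.get("IpProtocol") == "-1":  # "All traffic": no port fields present
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def sources(rule):
    """Return every IPv4 and IPv6 CIDR source attached to a rule."""
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return v4 + v6


def open_to_anywhere(doc, ports=SENSITIVE_PORTS):
    """Return (group, service, cidr) for sensitive ports open to any address."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            for port, service in ports.items():
                if covers(rule, port):
                    for cidr in sources(rule):
                        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                            findings.append((sg["GroupName"], service, cidr))
    return findings


if __name__ == "__main__":
    print(open_to_anywhere(SAMPLE))
```

Any finding for PostgreSQL means the database is reachable from every address with no further access control in front of it, so replace that source with the client IP blocks that actually need access.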