Security Group Chaining

aws/security aws/concept

💡 Definition

Security Group Chaining is a security practice where you configure a Security Group's inbound rule to accept traffic only from another specific Security Group, rather than from a range of IP addresses.

🔑 Key Concepts

⚙️ How it Works

  1. ALB SG: Create a Security Group for your Load Balancer allowing inbound HTTP from 0.0.0.0/0.
  2. Web SG: Create a Security Group for your Web Servers. Add an inbound rule allowing HTTP from ALB SG.
  3. Result: Your Web Servers will only accept traffic that has passed through the Load Balancer. They are effectively invisible to the direct internet on that port.
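A check for the chain described in the steps above, as an added example that is not part of the original note: it inspects rules in the shape of the EC2 DescribeSecurityGroups response and reports any source other than the ALB SG that can reach the web port. The group IDs, sample data, and function names (`rule`, `covers`, `audit_chain`) are constructed for illustration.

```python
# Constructed sample in the shape of EC2 DescribeSecurityGroups output (placeholder IDs).
ALB_SG = "sg-0aaaaaaaaaaaaaaaa"
WEB_SG = "sg-0bbbbbbbbbbbbbbbb"

def rule(port, cidrs=(), groups=(), cidrs6=()):
    """Build one inbound TCP permission entry for the sample data."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in cidrs],
        "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs6],
        "PrefixListIds": [],
        "UserIdGroupPairs": [{"GroupId": g} for g in groups],
    }

CHAINED = {"GroupId": WEB_SG, "IpPermissions": [rule(80, groups=[ALB_SG])]}
# Broken chain: the ALB rule plus leftover CIDR rules and an unexpected source group.
DRIFTED = {"GroupId": WEB_SG, "IpPermissions": [
    rule(80, groups=[ALB_SG]),
    rule(80, cidrs=["0.0.0.0/0"], cidrs6=["::/0"]),
    rule(80, groups=["sg-0cccccccccccccccc"]),
]}

def covers(perm, port):
    """True if the rule applies to `port` (protocol -1 means all traffic)."""
    return perm["IpProtocol"] == "-1" or (
        perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])

def audit_chain(web_sg, alb_sg_id, port=80):
    """Return findings where `port` is open to anything other than alb_sg_id."""
    findings, chained = [], False
    for perm in web_sg.get("IpPermissions", []):
        if not covers(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [f"CIDR source {c}" for c in cidrs]
        for p in perm.get("PrefixListIds", []):
            findings.append(f"prefix list source {p['PrefixListId']}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == alb_sg_id:
                chained = True
            else:
                findings.append(f"unexpected source group {pair['GroupId']}")
    if not chained:
        findings.append(f"no rule on port {port} references {alb_sg_id}")
    return findings

if __name__ == "__main__":
    for name, sg in (("chained", CHAINED), ("drifted", DRIFTED)):
        print(name, audit_chain(sg, ALB_SG) or "OK")
```

Because Security Group rules are allow-only, any extra rule covering the port widens access, which is why every non-ALB source is reported rather than only `0.0.0.0/0`.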

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also:

  * Security Group
  * Load Balancer