Deploy fullstack app with three-tier architecture > Preparation Steps > Create Security Group

Create Security Group

In the VPC interface, choose Security groups on the sidebar, then click Create security group to create a security group for the ELB (Elastic load balancer) to be created
In the create security group interface:
- Name enter InternetFacing-LB-SG
- Description enter External load balancer security group
Set up Inbound rules, by adding the following rules:
- First rule allows access to HTTP, and Source: Anywhere-IPv4
- Second rule allows SSH from My IP which means personal IP, will change when you change the network
- Last rule Type: All ICMP - IPv4 and Source: Anywhere-IPv4 allows ping from any IP address
Scroll down to the bottom and click Create security group
Finish creating SG for ELB

Repeat the above steps to create SG for Web tier (present layer with user, can be understood as front-end)
Set up Inbound rules, by adding the following rules:
- First rule allows access via HTTP but only with source from InternetFacing-LB-SG we just created above (according to the designed structure)
- The following rules are similar to creating SG for ELB
Scroll down to the bottom and click Create security group

Create the 3rd SG for Internal load balancer
Set up Inbound rules:
- Type: HTTP choose Source: WebTier-SG allows access to HTTP from the web tier SG
- Then click Create security group

Create the 4th SG for App tier (private instances)
Set up Inbound rules:
- Type: Custom TCP, Port: 8080 and Source: Internal-LB-SG allows traffic from internal load balancer to enter
- And 2 similar rules but Source: Anywhere-IPv4 and My IP
- Then click Create security group

Create the 5th SG for DB tier (private instances containing MySql)
Set up Inbound rules:
- Type: Custom TCP, Port: 3306 and Source: AppTier-SG allows traffic from app tier to enter
- Then click Create security group
- You can add more rules to allow traffic from other sources for testing purposes
Finish creating 5 SG for the designed structure