Review the security group configuration in your lab
- Refer to the collected output values from your CloudFormation stack. Note the value of the “InterfaceSecurityGroupURL” output. This is the URL to review the security group associated with your interface endpoint. Also note the values of the “SecurityGroupForReportsEngine” and “SecurityGroupForSalesApp” outputs.
- Paste the InterfaceSecurityGroupURL value in your browser and select the security group in the top pane.
- Click the Inbound tab in the lower pane to see the inbound security group rules. The development team has restricted access to the CIDR range 10.0.0.0/8. That still admits any host in that private range, not just the two applications that need the queue.
- Further restrict the inbound rules. Click the Edit button in the lower pane, remove the existing 10.0.0.0/8 rule, and create two new inbound rules with the following attributes, replacing the sg- values with the corresponding outputs from your CloudFormation stack:
  - Source: the security group ID from the SecurityGroupForSalesApp output; Description: Inbound from SecurityGroupForSalesApp
  - Source: the security group ID from the SecurityGroupForReportsEngine output; Description: Inbound from SecurityGroupForReportsEngine
Save your changes. Network access to the interface endpoint, and therefore to the SQS queue it fronts, is now limited to resources that are members of those two security groups. Note that this controls only who can reach the endpoint; it does not replace the queue's own access policy.
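The check a practitioner would want after this step, as an added example that is not part of the lab: given the endpoint security group as returned by `aws ec2 describe-security-groups` (here constructed inline, not fetched), confirm that no rule uses a CIDR or prefix-list source and that the only sources are the two application security groups. The security group IDs, the description strings, and the use of TCP port 443 are assumptions for the sample data; `ingress_rules_for` builds the same structure the `--ip-permissions` argument of `aws ec2 authorize-security-group-ingress` accepts.

```python
"""Audit an interface endpoint's security group for source-group-only ingress.

Added example, not the lab's own code. It makes no AWS calls: the dictionaries
below mirror the shape of an EC2 DescribeSecurityGroups response, so the logic
can be run offline and then pointed at real output.
"""

# Hypothetical IDs standing in for the CloudFormation stack outputs.
ENDPOINT_SG = "sg-0eee777788889999e"
SG_SALES_APP = "sg-0aaa111122223333a"
SG_REPORTS_ENGINE = "sg-0bbb444455556666b"

# Source security group -> rule description, as in the lab's two new rules.
ALLOWED_SOURCES = {
    SG_SALES_APP: "Inbound from SecurityGroupForSalesApp",
    SG_REPORTS_ENGINE: "Inbound from SecurityGroupForReportsEngine",
}

# Constructed sample: the endpoint SG as the development team left it.
# Port 443 is assumed (the lab does not state the port).
BEFORE = {
    "GroupId": ENDPOINT_SG,
    "IpPermissions": [
        {
            "IpProtocol": "tcp",
            "FromPort": 443,
            "ToPort": 443,
            "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
            "Ipv6Ranges": [],
            "PrefixListIds": [],
            "UserIdGroupPairs": [],
        }
    ],
}


def ingress_rules_for(sources, port=443, protocol="tcp"):
    """Build the replacement rules, one per source security group.

    The returned list has the shape of the IpPermissions field, which is also
    what `aws ec2 authorize-security-group-ingress --ip-permissions` takes.
    """
    return [
        {
            "IpProtocol": protocol,
            "FromPort": port,
            "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": group_id, "Description": description}],
        }
        for group_id, description in sources.items()
    ]


# Constructed sample: the endpoint SG after the lab's edit.
AFTER = {"GroupId": ENDPOINT_SG, "IpPermissions": ingress_rules_for(ALLOWED_SOURCES)}


def audit_endpoint_sg(sg, allowed_sources):
    """Return a list of findings; an empty list means the SG is as intended.

    A finding is raised for any CIDR, IPv6 CIDR or prefix-list source, for a
    source security group that is not in allowed_sources, for an all-protocol
    rule, and for an allowed source that has no rule at all.
    """
    findings = []
    seen = set()
    for perm in sg.get("IpPermissions", []):
        where = f"{perm.get('IpProtocol')} {perm.get('FromPort')}-{perm.get('ToPort')}"
        if perm.get("IpProtocol") == "-1":
            findings.append("rule allows all protocols and ports")
        for r in perm.get("IpRanges", []):
            findings.append(f"CIDR source {r['CidrIp']} on {where}")
        for r in perm.get("Ipv6Ranges", []):
            findings.append(f"IPv6 CIDR source {r['CidrIpv6']} on {where}")
        for r in perm.get("PrefixListIds", []):
            findings.append(f"prefix list source {r['PrefixListId']} on {where}")
        for pair in perm.get("UserIdGroupPairs", []):
            group_id = pair.get("GroupId")
            if group_id in allowed_sources:
                seen.add(group_id)
            else:
                findings.append(f"unexpected security group source {group_id} on {where}")
    for group_id in allowed_sources:
        if group_id not in seen:
            findings.append(f"missing ingress rule from {group_id}")
    return findings


if __name__ == "__main__":
    for label, sg in (("before", BEFORE), ("after", AFTER)):
        problems = audit_endpoint_sg(sg, ALLOWED_SOURCES)
        print(label, "->", problems or "compliant")
```

Running it against the real endpoint group means replacing BEFORE with the `SecurityGroups[0]` element of the describe-security-groups output and the three sg- constants with your stack outputs; the "before" sample reports the 10.0.0.0/8 source plus the two missing group rules, the "after" sample reports nothing.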
For additional information regarding security group rule updates refer to the AWS documentation: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules