Create Security Group
VPC Security Group
A subnet group is a collection of subnets running on Amazon Virtual Private Cloud (VPC) environment, allows you configure inbound and outbound rules
Create VPC Security Groups
In this step, we will create two Security Groups (SGs): one for public subnets (used by EC2 instances) and one for private subnets (DocumentDB)
2.1. Create Public Security Group (SG Public - EC2)
Go to Security groups and select Create security group
In the Create Security Group interface, provide the following details for public-sg-ec2:
Security group name:
public-sg-ec2Description:
Public Security Group for EC2VPC: Select your existing VPC
Add the following Inbound Rules for public-sg-ec2
Protocol Port Range Source Mô tả HTTP 80 0.0.0.0/0 Cho phép truy cập website HTTPS 443 0.0.0.0/0 Hỗ trợ SSL/TLS SSH 22 0.0.0.0/0 Đăng nhập SSH vào EC2 Custom TCP 3000 0.0.0.0/0 Chạy Node.js và Express Custom TCP 27017 SG-Private-DocumentDB Cho phép EC2 kết nối DocumentDB Custom TCP 8800 0.0.0.0/0 Chạy server trên cổng 8800 
Allow all Outbound traffic and select Create security group
2.2. Create Private Security Group (SG Private - DocumentDB)
In the Create Security Group interface, provide the following details for private-sg-documentdb:
Security group name:
private-sg-documentdbDescription:
Private Security Group for DocumentDBVPC: Select your existing VPC
Add the following Inbound Rules for private-sg-documentdb
| Protocol | Port Range | Source | Description |
|---|---|---|---|
| Custom TCP | 27017 | SG-Public-EC2 | Only EC2 can access DocumentDB |
- Allow all Outbound traffic and select Create security group
2.3 Add Inbound Rules for Port 27017 in public-sg-ec2
In the Security Groups interface, select public-sg-ec2
Then, select Edit inbound rules to add an inbound rule
Add the inbound rule and select Save rules
