Apply security groups on instances/NICs or baseline rules at the VPC level.
Insert screenshot of Firewall Groups here
Default deny ingress; open only needed ports
Restrict SSH/RDP to bastion or VPN
Use separate groups for web/app/db tiers
Last updated 5 months ago
Was this helpful?
