A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

At a minimum, we recommend creating the following security groups when deploying AppDynamics in AWS using Aurora DB.

You can create additional security groups to align with your organization's standards.

Required Security Groups 

Use the instructions provided in the AWS security groups documentation to create these required security groups:

Security Group for the AppDynamics Enterprise Console

Security group name: appd-ec-security-group

Inbound rule: Allow all inbound TCP traffic on ports 22 and 9191

Outbound rules: 

  • Allow outbound TCP traffic to appd-appserver-security-group on port 22
  • Allow outbound TCP traffic to appd-db-security-group on port 3388

Security Group for the AppDynamics Controller Appserver

Security group name: appd-appserver-security-group

Inbound rules: 

  • Allow all inbound TCP traffic on port 22
  • Allow inbound TCP traffic on ports 8090-8097 from appd-elb-security-group

Outbound rule: Allow outbound TCP traffic to appd-db-security-group on port 3388

Security Group for AppDynamics Database Instances

Security group name: appd-db-security-group

Inbound rule: Allow inbound traffic on port 3388 from appd-appserver-security-group and appd-ec-security-group

Outbound rule: No outbound access allowed

Security Group for Load Balancer in Front of the AppDynamics Controller

Security group name: appd-elb-security-group

Inbound rule: Allow all inbound HTTPS traffic on port 443

Outbound rule: Allow outbound TCP traffic to appd-appserver-security-group on ports 8090-8097
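
The rule sets above, encoded as data and cross-checked so that every group-to-group outbound rule has a matching inbound rule on its destination, and so that a deployment can be compared against the list. This is an added example, not part of the AppDynamics documentation. The tuple layout, the ANY marker, the function names and the DEPLOYED sample are assumptions made for illustration; the sample is constructed and models a database group that still carries the allow-all outbound rule AWS adds to every new security group.

```python
import copy

ANY = "ANY"  # "all inbound" on the page: any source
EC, APP, DB, ELB = ("appd-ec-security-group", "appd-appserver-security-group",
                    "appd-db-security-group", "appd-elb-security-group")

# Rules transcribed from the page as (peer, first_port, last_port), TCP only.
EXPECTED = {
    EC:  {"in": {(ANY, 22, 22), (ANY, 9191, 9191)},
          "out": {(APP, 22, 22), (DB, 3388, 3388)}},
    APP: {"in": {(ANY, 22, 22), (ELB, 8090, 8097)},
          "out": {(DB, 3388, 3388)}},
    DB:  {"in": {(APP, 3388, 3388), (EC, 3388, 3388)}, "out": set()},
    ELB: {"in": {(ANY, 443, 443)},
          "out": {(APP, 8090, 8097)}},
}

def unmatched_egress(matrix):
    """Egress rules whose destination group has no ingress rule covering them."""
    gaps = []
    for src, rules in matrix.items():
        for dst, lo, hi in rules["out"]:
            if dst not in matrix:
                continue  # ANY or an external peer: nothing to cross-check
            if not any(peer in (src, ANY) and plo <= lo and hi <= phi
                       for peer, plo, phi in matrix[dst]["in"]):
                gaps.append((src, dst, lo, hi))
    return sorted(gaps)

def drift(expected, actual):
    """Per group and direction: rules missing from, or extra in, the deployment."""
    report = {}
    for name, rules in expected.items():
        have = actual.get(name, {"in": set(), "out": set()})
        for direction in ("in", "out"):
            missing = rules[direction] - have[direction]
            extra = have[direction] - rules[direction]
            if missing or extra:
                report[(name, direction)] = {"missing": sorted(missing),
                                             "extra": sorted(extra)}
    return report

# Constructed deployed state: DB group keeps the default allow-all egress rule,
# and the ELB-to-appserver ingress was created for port 8090 only.
DEPLOYED = copy.deepcopy(EXPECTED)
DEPLOYED[DB]["out"].add((ANY, 0, 65535))
DEPLOYED[APP]["in"] = {(ANY, 22, 22), (ELB, 8090, 8090)}
if __name__ == "__main__":
    print(unmatched_egress(DEPLOYED), drift(EXPECTED, DEPLOYED))
```

The "No outbound access allowed" rule for appd-db-security-group only holds once the default outbound rule has been removed from the group, which is the first finding the sample reports.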