Create all Security Groups, to restrict access to Inbound and Outbound traffic for the various services involved.
VPC > Security Groups > Create
For Aurora Serverless DB
(For Aurora Serverless DB)
Name: wp-stack-db-sg > Edit Inbound rules > Add rule to allow traffic from ECS to RDS. Also allow access from the bastion host.
MYSQL/Aurora TCP 3306 sg-05e94187d53da9a15 (wp-stack-fargate) MYSQL/Aurora TCP 3306 sg-09f4cc6b8cb787ca9 (wp-stack-bastion-sg)
Name: wp-stack-efs-sg > Select VPC > Inbound > Add rule for the ECS security group ID and the bastion host.
NFS tcp 2049 sg-05e94187d53da9a15 (wp-stack-fargate) NFS tcp 2049 sg-09f4cc6b8cb787ca9 (wp-stack-bastion-sg)
Delete outbound rules.
For the Application Load Balancer
Name: wp-stack-alb-sg > Inbound rules: Allow 80, 443 from Anywhere
For ECS Fargate
Name: wp-stack-fargate > Select VPC > Edit Inbound rules > Allow port 80 from the ALB
HTTP TCP 80 sg-01a31bac46b2a990a (wp-stack-alb-sg)