We also run on AWS and we use security groups. You can restrict inbound traffic to other nodes with the same security group only.
On Fri, Feb 1, 2013 at 9:32 AM, Hector Castro <[email protected]> wrote: > Hi, > > We recently published a blog post detailing methods of deployment on AWS > [0]. > > More specifically, to secure the nodes behind an ELB you can assign > them security groups as they're defined here [1]. With regard to the > ELB, spinning one up in a VPC [2] is the only way to assign security > groups to it. This allows you to whitelist specific nodes trying to > talk to the Riak cluster [3]. > > [0] http://basho.com/blog/technical/2013/01/30/RiakonAWS/ > [1] > http://docs.basho.com/riak/1.2.1/tutorials/installation/Installing-on-AWS-Marketplace/ > [2] http://aws.amazon.com/vpc/ > [3] > http://aws.typepad.com/aws/2011/11/new-aws-elastic-load-balancing-inside-of-a-virtual-private-cloud.html > > Hope this helps, > > -- > Hector > > > On Fri, Feb 1, 2013 at 8:06 AM, vvsanil <[email protected]> wrote: > > What are the best practices for securing my riak cluster on AWS? The > cluster > > will be sitting under a load balancer (ELB). Basically how do i prevent > > others from accessing my riak cluster if they happen to know my ip > > address/ports. > > > > (Using Nginx as reverse proxy is not an option for us.) > > > > > > > > -- > > View this message in context: > http://riak-users.197444.n3.nabble.com/Riak-Security-on-AWS-tp4026708.html > > Sent from the Riak Users mailing list archive at Nabble.com. > > > > _______________________________________________ > > riak-users mailing list > > [email protected] > > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > > -- > Hector > > > On Fri, Feb 1, 2013 at 8:06 AM, vvsanil <[email protected]> wrote: > > What are the best practices for securing my riak cluster on AWS? The > cluster > > will be sitting under a load balancer (ELB). Basically how do i prevent > > others from accessing my riak cluster if they happen to know my ip > > address/ports. > > > > (Using Nginx as reverse proxy is not an option for us.) > > > > > > > > -- > > View this message in context: > http://riak-users.197444.n3.nabble.com/Riak-Security-on-AWS-tp4026708.html > > Sent from the Riak Users mailing list archive at Nabble.com. > > > > _______________________________________________ > > riak-users mailing list > > [email protected] > > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > > _______________________________________________ > riak-users mailing list > [email protected] > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com >
_______________________________________________ riak-users mailing list [email protected] http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
