Did you work out the answer?
AWS best practices for highly available secure websites/applications is to use an auto scaling group with an elastic load balancer in front of it. The instances that are stood up are in a private subnet to ensure hackers's have limited visibility of the server and the only entry point is via a vetted load balancer. This means that if there was a miss-configuration on the security group or network acl or software firewall inside the server, it won't be fully open to the internet.
Hi @mateusrangel ,
Did you work out the answer? AWS best practices for highly available secure websites/applications is to use an auto scaling group with an elastic load balancer in front of it. The instances that are stood up are in a private subnet to ensure hackers's have limited visibility of the server and the only entry point is via a vetted load balancer. This means that if there was a miss-configuration on the security group or network acl or software firewall inside the server, it won't be fully open to the internet.
This may be helpful to you. https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
regards,
William