6.2 Creating Security Lists and Associating with Subnets
- Create a new security list for the VCN your-vcn-name, for example, ggsa_web_app_sec_list, and add stateful ingress rules with the following attributes:
  - First rule:
    - Stateless = unchecked
    - Source CIDR = 0.0.0.0/0
    - Protocol = TCP
    - Source Port Range = All
    - Destination Port Range = 443
    - Description = Internet access to GGSA web application
  - Second rule:
    - Stateless = unchecked
    - Source CIDR = 10.0.0.0/16
    - Protocol = TCP
    - Source Port Range = All
    - Destination Port Range = All
    - Description = Traffic from GGSA web-tier to GGSA runtime
- Associate security list ggsa_web_app_sec_list with subnet your-vcn-name-public.
- Create another security list for the your-vcn-name VCN, for example ggsa_runtime_sec_list, and add a stateful ingress rule with attributes:
  - Stateless = unchecked
  - Source CIDR = 10.0.0.0/16
  - Protocol = TCP
  - Source Port Range = All
  - Destination Port Range = All
  - Description = Traffic from GGSA web-tier to GGSA runtime
- Associate security list ggsa_runtime_sec_list with subnet your-private-regional-subnet.
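
An added example, not part of the original procedure: a Python check that audits ingress rules against the layout described above, so that drift (for instance an internet-facing rule appearing on the private runtime list) is caught. It assumes rules in the OCI API JSON shape (source, protocol, isStateless, tcpOptions.destinationPortRange) with plain CIDR sources; the sample lists and the function names are constructed for illustration.

```python
import ipaddress

VCN_CIDR = "10.0.0.0/16"   # source CIDR the page uses for internal traffic
INTERNET_PORTS = {443}     # the only port the page opens to 0.0.0.0/0

# Constructed sample data mirroring the two security lists described above.
WEB_APP_LIST = [
    {"source": "0.0.0.0/0", "protocol": "6", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"source": "10.0.0.0/16", "protocol": "6", "isStateless": False},
]
RUNTIME_LIST = [
    {"source": "10.0.0.0/16", "protocol": "6", "isStateless": False},
]
# Constructed drifted list: all ports open to the internet, plus a stateless rule.
DRIFTED_LIST = [
    {"source": "0.0.0.0/0", "protocol": "6", "isStateless": False},
    {"source": "10.0.0.0/16", "protocol": "6", "isStateless": True},
]

def exposed_ports(rule):
    """Return (min, max) destination ports; no tcpOptions means all ports."""
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def audit(rules, allow_internet):
    """Return findings for rules that deviate from the intended layout.

    allow_internet=True for the public web-app list, False for the runtime list.
    """
    vcn = ipaddress.ip_network(VCN_CIDR)
    findings = []
    for i, rule in enumerate(rules):
        src = ipaddress.ip_network(rule["source"])
        lo, hi = exposed_ports(rule)
        if rule.get("isStateless"):
            findings.append(f"rule {i}: stateless, expected stateful")
        if rule["protocol"] != "6":  # "6" is the IANA protocol number for TCP
            findings.append(f"rule {i}: protocol {rule['protocol']}, expected TCP")
        if src.subnet_of(vcn):
            continue  # internal source: the page allows all destination ports
        if not allow_internet:
            findings.append(f"rule {i}: source {src} outside {vcn} on private list")
        elif not (lo == hi and lo in INTERNET_PORTS):
            findings.append(f"rule {i}: {src} reaches ports {lo}-{hi}, expected 443 only")
    return findings
```
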