Configure Security Groups

To protect the Commander system, security groups must be created for the Commander server and database. The provided CloudFormation template creates two security groups: one for the EC2 instance and one for the RDS instance. The EC2 instance resides on one subnet, and the RDS instance is available on two subnets. The RDS instance is firewalled and accepts traffic only on port 1433, and only from the EC2 instance. The EC2 instance is firewalled and accepts HTTPS traffic on port 443. The CIDR block for incoming HTTPS connections can be specified as a parameter to the template; by default, traffic is allowed from anywhere. See the next section for details.

Important: To enable console access to the EC2 instance, so that you can connect to the instance to install Commander, you must allow RDP inbound access on the security group for the EC2 instance. The CloudFormation template doesn't set this access on the security group.
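
The following check is an added example, not part of the Commander template or documentation. It audits the two security groups against the layout described above, using rule data in the shape of the EC2 DescribeSecurityGroups response. The group IDs and CIDR ranges are constructed sample values, and 3389 is assumed as the RDP port (the protocol default).

```python
# Added example: audit two security groups against the layout described above.
# Rule data follows the EC2 DescribeSecurityGroups response shape (IpPermissions).
# Every group ID and CIDR range below is a constructed sample value.
import ipaddress

def covers(perm, port):
    """True if an ingress permission includes the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def cidrs(perm):
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def open_to_any(perm):
    # A /0 prefix (IPv4 or IPv6) matches every source address.
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs(perm))

def audit(ec2_sg, rds_sg):
    findings = []
    # Database group: only TCP 1433, and only from the EC2 instance's group.
    for p in rds_sg["IpPermissions"]:
        groups = [g["GroupId"] for g in p.get("UserIdGroupPairs", [])]
        if not (p.get("IpProtocol") == "tcp" and p.get("FromPort") == p.get("ToPort") == 1433):
            findings.append("RDS: rule is not limited to TCP 1433")
        if cidrs(p) or groups != [ec2_sg["GroupId"]]:
            findings.append("RDS: source is not solely the EC2 security group")
    # Server group: flag the template's default HTTPS source and any open RDP rule.
    for p in ec2_sg["IpPermissions"]:
        if covers(p, 443) and open_to_any(p):
            findings.append("EC2: HTTPS 443 accepts traffic from anywhere")
        if covers(p, 3389) and open_to_any(p):  # 3389 is the default RDP port
            findings.append("EC2: RDP 3389 accepts traffic from anywhere")
    if not any(covers(p, 443) for p in ec2_sg["IpPermissions"]):
        findings.append("EC2: no HTTPS 443 ingress rule")
    return findings

EC2_SG = {"GroupId": "sg-0aaa1111example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # template default for HTTPS
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},  # RDP added by hand, one host
]}
RDS_SG = {"GroupId": "sg-0bbb2222example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111example"}]},
]}
```

Calling `audit(EC2_SG, RDS_SG)` on the sample data returns a single finding for the HTTPS rule left at the template default; the RDP rule scoped to one host and the database rule produce none.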