Final answer:
Configure security groups to allow incoming traffic on port 443 to the Auto Scaling Group from the ALB, and both outgoing traffic from the Auto Scaling Group and incoming traffic to the RDS instance on the PostgreSQL database port (typically 5432).
Step-by-step explanation:
When configuring security groups for an HTTP application using an Auto Scaling Group, an Application Load Balancer with HTTPS termination, and a PostgreSQL database managed by RDS, you need to consider three main areas of connectivity. First, the security group attached to the Auto Scaling Group needs to allow incoming traffic from the Application Load Balancer. Since the ALB is terminating HTTPS, this would be on port 443. Second, the Auto Scaling Group needs to communicate with the RDS instance, which means it must allow outgoing access to the PostgreSQL database port, which is typically 5432, not the MySQL default port 3306. Lastly, the security group for the RDS instance needs to allow incoming traffic on the database port, but only from the Auto Scaling Group which hosts the application servers.
Correct configuration:
- Allow incoming traffic on port 443 from the ALB to the Auto Scaling Group.
- Allow outgoing traffic on the database port (PostgreSQL default port is 5432) from the Auto Scaling Group to the RDS instance.
- Allow incoming traffic on the database port (again, 5432 for PostgreSQL) from the Auto Scaling Group to the RDS instance.