Pre-Deployment Review Report

SG Name: globalbank-prod-c001-us-west-2-sg
Scenario: 3-tier-web (v1.0.0)
Generated: 2026-05-06 03:09:43 UTC
⚠️ Review this report carefully before deploying. This shows the final merged state after all overrides are applied.

Security Group Summary

Tiers
3
Total Ingress Rules
6
Total Egress Rules
3

Security Groups by Tier

web — Frontend/Load Balancer tier — internet-facing

Security Group: globalbank-prod-c001-us-west-2-sg-web-sg

Ingress Rules (2)

Protocol Port(s) Source Description
tcp 443 0.0.0.0/0 HTTPS from internet
tcp 80 0.0.0.0/0 HTTP from internet (redirect to HTTPS)

Egress Rules (1)

Protocol Port(s) Destination Description
tcp 443 0.0.0.0/0 Outbound HTTPS
app — Application tier — receives traffic from web tier

Security Group: globalbank-prod-c001-us-west-2-sg-app-sg

Ingress Rules (2)

Protocol Port(s) Source Description
tcp 8443overridden from 8080 tier:web Application traffic from web tier
tcp 9090added by customer config tier:web Prometheus metrics from web tier

Egress Rules (2)

Protocol Port(s) Destination Description
tcp 5432 tier:db Database connections to database
tcp 443 0.0.0.0/0 Outbound HTTPS (AWS APIs, package repos)
db — Database tier — receives traffic from app tier only

Security Group: globalbank-prod-c001-us-west-2-sg-db-sg

Ingress Rules (2)

Protocol Port(s) Source Description
tcp 5432 tier:app From application tier
tcp 5432added by customer config tier:app Read replica connection from app tier

Egress Rules (0)

No rules defined.

Generated by SG Provisioner Tool