I just started AWS, and find its security absolutely bewildering. It's good that things are locked down by default, and that the security is fine-grained, but I was completely unable to locate a best practice for "I'm just writing a basic CRUD app and need the pieces to talk to each other".

Everything I touched was a mass of opaque identifiers -- roles and VPNs and security groups and I can't remember what else. I have no idea what I opened up in order to get anything to work, and I've almost certainly committed massive security violations. (Several entries in that list warn against 0.0.0.0/0, which I was advised to do on multiple sites as the right way to open stuff up -- and I don't know what else I'm supposed to do.)

Oh, and it takes a while for changes to propagate, but I don't know how long. Eventually I discovered that something I did actually worked -- but I don't really know what.

So I don't really know what mistakes I made, except to be certain that there are many of them, and that they're going to be very dangerous.