Are AWS security groups enough to segment network and reduce PCI scope?
I was reading this paper:
https://d1.awsstatic.com/whitepapers/pci-dss-scoping-on-aws.pdf
It shows this image
Am I correct in saying that, as long as instances have proper security groups that restrict connectivity, it will remove them from PCI scope?
On an additional note: is it just me that finds it awfully difficult to get best practice for PCI within cloud environments? It seems a bit all over the place.