Questions about stake pool security

Hello community, I’m sure these questions have been answered; however, I am having trouble figuring out these few things as I’m not the most tech savvy. (Thought I was, but then I learned more.) I’ve been slowly building a stake pool and I’m at a point where I’m trying to harden the security, but I am confused about the networking and how the relay works.
I currently have an Ubuntu Linux computer and an AWS server, and with these I have been using the Haskell testnet to mock transactions. 3 questions:

1. Should I use the security groups to secure the AWS relay node?

2. Should I register the block producing node on my home computer?

3. Do I use the topology file on the AWS to connect through to the home node?

Thank you for any help!


1. Yes, leave open only necessary ports;

2. You don’t have to. You can elect to have an exclusively cloud based setup (I think quite a few SPOs do);

3. Yes, your relay topology will have to point to the wider network and your block producing node. Your block producing node’s topology file, on the other hand, will only point to your relay.

Hope this helps,

Adrem [RABIT]
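
The topology layout described in the reply above, as an added example that is not part of the original thread: a Python check over constructed topology files in cardano-node's legacy `Producers` JSON format, flagging a block producer that dials anything other than your own relay and a relay that is missing either the block producer or the wider network. The addresses, ports, hostname and function names are assumptions made for illustration.

```python
import json

# Constructed sample files in cardano-node's legacy "Producers" topology format.
# Hostnames and addresses are placeholders, not real pool infrastructure.
RELAY = ("203.0.113.10", 3001)            # relay as dialled by the block producer
BLOCK_PRODUCER = ("198.51.100.7", 6000)   # block producer as dialled by the relay
PUBLIC_PEER = ("relays.testnet.example", 3001)  # stands in for the wider network


def topology(*peers):
    """Build a topology JSON document listing the given (addr, port) peers."""
    return json.dumps({"Producers": [
        {"addr": addr, "port": port, "valency": 1} for addr, port in peers]})


RELAY_TOPOLOGY = topology(PUBLIC_PEER, BLOCK_PRODUCER)
BP_TOPOLOGY_GOOD = topology(RELAY)
BP_TOPOLOGY_BAD = topology(RELAY, PUBLIC_PEER)  # producer also dials the public network


def peers_of(topology_json):
    """Return the set of (addr, port) pairs a node is configured to dial."""
    entries = json.loads(topology_json).get("Producers", [])
    return {(e["addr"], int(e["port"])) for e in entries}


def audit(bp_topology, relay_topology, own_relays, block_producer):
    """Return findings where the two files depart from the relay/producer layout."""
    findings = []
    bp_peers = peers_of(bp_topology)
    relay_peers = peers_of(relay_topology)
    if not bp_peers:
        findings.append("block producer has no peers configured")
    for addr, port in sorted(bp_peers - own_relays):
        findings.append(f"block producer dials non-relay peer {addr}:{port}")
    if block_producer not in relay_peers:
        findings.append("relay topology does not list the block producer")
    if not relay_peers - {block_producer}:
        findings.append("relay has no peers on the wider network")
    return findings


if __name__ == "__main__":
    for name, bp in (("good", BP_TOPOLOGY_GOOD), ("bad", BP_TOPOLOGY_BAD)):
        print(name, audit(bp, RELAY_TOPOLOGY, {RELAY}, BLOCK_PRODUCER) or "ok")
```

The same peer list is a useful input when writing the relay's security group rules, since the block producer should only need to accept connections from the addresses in `own_relays`.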