What is a security group in AWS?

What is a security group in AWS?

What is a security group in AWS?

security group acts as a virtual firewall for customers EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to the instance, and outbound rules control the outgoing traffic from your instance. When customers launch an instance, they can specify one or more security groups. If a security group was not specified, Amazon EC2 uses the default security group. Additional rules to each security group that allow traffic to or from its associated instances was allowed. New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance.

The rules of a security group control the inbound traffic that’s allowed to reach the instances that are associated with the security group. The rules also control the outbound traffic that’s allowed to leave them.

To create a security group with least privilege

  1. Open the Amazon EC2 console.
  2. From the navigation bar, select a Region for the security group. Security groups are specific to a Region, so you should select the same Region in which you created your key pair.
  3. In the navigation pane, choose Security Groups.
  4. Choose Create security group.
  5. In the Basic details section, do the following:
    1. Enter a name for the new security group and a description. Use a name that is easy for you to remember, such as your user name, followed by _SG_, plus the Region name. For example, me_SG_uswest2.
    2. In the VPC list, select your default VPC for the Region.
  6. In the Inbound rules section, create the following rules (choose Add rule for each new rule):
    • Choose HTTP from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
    • Choose HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
    • Choose SSH from the Type list. In the Source box, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Alternatively, choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. .
  7. Choose Create security group.

 [gmedia id=32]

© 2022