Security Groups

  • A security group acts as a firewall that controls the traffic allowed to and from the resources in your virtual private cloud (VPC).

  • One can choose the ports and protocols to allow for inbound traffic and outbound traffic.

  • They contain only allow rules.

Responsibilities

  • They regulate access to ports.

  • They regulate authorized IP ranges for IPv4 and IPv6.

  • Control of inbound network traffic.

  • Control of outbound network traffic.

Basics

  • A good basic introduction can be obtained here.

  • One security groups can be attached to multiple instances.

  • They apply to a region/VPC combination. One SG group is applicable only to one region only.

  • By default, all inbound traffics are blocked to AWS resource and all outbound traffics are allowed from AWS resource.

  • One or more security group can be attached to other security group/s.

  • One AWS resource can have multiple security groups attached to it.

  • Some commonly used service name and port can be found as follows,

    Service name
    Port

    SSH, SFTP

    22

    FTP

    21

    HTTP

    80

    HTTPS

    443

    RDP

    3389

  • If connection refused error occurs, then it is an application issue as it may have errored out and did not launch.

  • ssh command to log into an Linux ec2-instance looks as follows for Linux or mac,

    ssh -i <path-to-pem-file> ec2-user@<public-ip-address>

By default amazon linux 2 AMI has ec2-user has default user setup. Ensure the pem/ppk file has correct user permission.

References

Previous02_SecurityGroupsNext03_Elastic_LoadBalancing

Last updated