# Security Groups

* A security group acts as a **firewall** that controls the traffic allowed to and from the resources in your virtual private cloud (VPC).
* One can choose the ports and protocols to allow for inbound traffic and outbound traffic.
* They contain only `allow` rules.

## Responsibilities

* They regulate access to ports.
* They regulate authorized IP ranges for IPv4 and IPv6.
* They control inbound network traffic.
* They control outbound network traffic.

## Basics

* A good basic introduction can be obtained [here](https://docs.aws.amazon.com/vpc/latest/userguide/security-groups.html).
* One security group can be attached to multiple instances.
* They are scoped to a region/VPC combination: a security group can only be used in the region (and VPC) it was created in.
* By default, all **inbound** traffic to an AWS resource is **blocked** and all **outbound** traffic from it is **allowed**.
* A security group rule can reference one or more other security groups as its source or destination instead of an IP range.
* One AWS resource can have multiple security groups attached to it.
* Some commonly used service names and their ports:

  | Service name | Port |
  | :----------: | :--: |
  |   SSH, SFTP  |  22  |
  |      FTP     |  21  |
  |     HTTP     |  80  |
  |     HTTPS    |  443 |
  |      RDP     | 3389 |
* A `connection refused` error means the traffic reached the instance, so it is an application issue: the application may have errored out and not launched. A connection that simply times out usually points at the security group instead.
* The `ssh` command to log into a Linux EC2 instance from Linux or macOS looks as follows:

```bash
ssh -i <path-to-pem-file> ec2-user@<public-ip-address>
```

> **By default, the Amazon Linux 2 AMI has `ec2-user` set up as the default user.**\
> **Ensure the `pem`/`ppk` file has the correct permissions, i.e. `0400` on Linux/macOS.**
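To make the allow-only, implicit-deny model above concrete, here is an added Python example (not code from this page or from AWS) that evaluates flows the way security groups do: rules from every attached group are unioned, a flow is allowed only if some rule matches, inbound has no rules by default while outbound gets an allow-all rule, and a rule may name another group instead of a CIDR. The group names and the admin CIDR are constructed.

```python
"""Toy model of security group semantics: allow rules only, no match means deny."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Rule:
    protocol: str               # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int              # -1 means all ports
    to_port: int
    cidr: Optional[str] = None  # peer IP range (source for inbound, destination for outbound)
    sg: Optional[str] = None    # or the name of another security group as the peer

@dataclass
class SecurityGroup:
    name: str
    inbound: List[Rule] = field(default_factory=list)  # no rules: nothing gets in
    # AWS creates one outbound rule allowing all traffic, hence "outbound allowed by default"
    outbound: List[Rule] = field(default_factory=lambda: [Rule("-1", -1, -1, cidr="0.0.0.0/0")])

def _matches(rule, protocol, port, peer_ip, peer_sgs):
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.from_port != -1 and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.cidr is not None:
        return ip_address(peer_ip) in ip_network(rule.cidr)
    return rule.sg in peer_sgs  # rule references a group attached to the peer instance

def is_allowed(groups, direction, protocol, port, peer_ip, peer_sgs=()):
    """True iff any rule in any attached group allows the flow; there are no deny rules."""
    rules = [r for g in groups for r in (g.inbound if direction == "inbound" else g.outbound)]
    return any(_matches(r, protocol, port, peer_ip, peer_sgs) for r in rules)

# Constructed sample groups: a web tier, and a database tier reachable over SSH only via the web tier.
ADMIN_CIDR = "198.51.100.0/24"  # constructed admin/VPN range
WEB = SecurityGroup("sg-web", inbound=[
    Rule("tcp", 443, 443, cidr="0.0.0.0/0"),  # HTTPS from anywhere
    Rule("tcp", 22, 22, cidr=ADMIN_CIDR),     # SSH only from the admin range
])
DB = SecurityGroup("sg-db", inbound=[
    Rule("tcp", 22, 22, sg="sg-web"),         # SSH only from instances that carry sg-web
])

if __name__ == "__main__":
    print(is_allowed([WEB], "inbound", "tcp", 443, "203.0.113.9"))   # True
    print(is_allowed([WEB], "inbound", "tcp", 22, "203.0.113.9"))    # False: not in ADMIN_CIDR
    print(is_allowed([DB], "inbound", "tcp", 22, "10.0.1.5", {"sg-web"}))  # True via SG reference
```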

## References

* [What is SG](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)
