What is AWS Security Group Examples and Best Practices-DecodingDevOps


AWS Security Groups

AWS Security Group is an instance-level layer of security. It provides very basic security to the instances and therefore it is the last level of security. It works at the port and protocol level, so the user needs to allow traffic with rules for the instance's incoming and outgoing requests. A Security Group (SG) in AWS works the same way as a firewall in an OS, but unlike a Network ACL there is no option to deny traffic: a security group can only allow inbound or outbound traffic, and anything not allowed is dropped. A security group is VPC specific, so a particular security group can be used only within the VPC it was created in; security groups cannot be used outside that VPC.

In a traditional firewall, users need to allow both the inbound and the outbound side of the same request so that the request can be accepted and the response sent back by the server. In AWS security groups, users do not need to define rules in both tables (OUTBOUND and INBOUND): security groups are stateful, so if the user defines a rule in the INBOUND table, the response to that request is automatically allowed back out by AWS.

How to Create Security Groups?

To create a security group, we first need to decide which VPC to create it in. So we need a VPC before we create a security group.


  1.  Security Group name: Name of the security group.
  2.  Description: Description for the security group. It is an optional field.
  3.  VPC: VPC ID of the created VPC


In AWS, there are two tables, one for INBOUND and one for OUTBOUND, and there are five fields in each table that the user needs to define to actually add a rule.


  1. Type: There are predefined types for common protocols, e.g. HTTP (port 80), HTTPS (port 443), SSH (port 22) and so on. There is also a CUSTOM type in which the user can define his own port.
  2. Protocol: Users can choose TCP, UDP or both as the protocol.
  3. Port Range: Whatever port the user wants to allow as inbound or outbound is defined in this field. If the Type is selected as custom, users can define custom ports. AWS also allows a range of ports, so 0-80 in Port Range means every port from 0 to 80.
  4. Source: In AWS, users can allow a port for specific CIDR IP ranges. The user enters the CIDR IP range into the source. The Source field appears in the Inbound table.
  5. Destination: Like Source in the Inbound table, the user can enter specific CIDR IP ranges into the Destination field of the Outbound table. It allows outbound traffic only to that particular range.
  6. Description: The user can add a description for that rule.

Note: If a user wants to allow traffic on that particular port from any source, he needs to enter 0.0.0.0/32 as the CIDR IP.

Add Security Group To Ec2 Instance

Allow Multiple Security Groups

In AWS, users can attach more than two security groups to an instance; the rules of all attached groups are combined.

1) First, the user needs to create an EC2 instance with a single security group (optional if an EC2 instance is already running).

2) Go to that EC2 and select it.


3) Click on "Action", then "Change Security Groups" under the "Networking" section.


4) Select the security groups you want to attach to that particular EC2 instance and click on "Assign Security Groups".
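To make the semantics described above concrete (allow-only rules, the five rule fields, stateful replies, and the union of several groups attached to one instance), here is a small evaluator written for this page; it is added example code, not the article's or AWS's own, and the WEB_SG, ADMIN_SG and INTERNAL_SG groups are constructed samples. Note that in CIDR notation 0.0.0.0/0 (prefix length zero) is the "anywhere" range that matches every address, while a /32 matches exactly one address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One security-group rule: the Type/Protocol/Port Range/Source fields from the console."""
    protocol: str    # "tcp", "udp" or "all"
    from_port: int   # start of the port range
    to_port: int     # end of the port range (same as from_port for a single port)
    cidr: str        # source CIDR (inbound table) or destination CIDR (outbound table)

def rule_matches(rule: Rule, protocol: str, port: int, ip: str) -> bool:
    """True if this rule allows the given protocol/port from (or to) the given IP."""
    if rule.protocol not in ("all", protocol):
        return False
    if not rule.from_port <= port <= rule.to_port:
        return False
    # 0.0.0.0/0 contains every address; 0.0.0.0/32 contains only 0.0.0.0 itself.
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr, strict=False)

def is_allowed(groups, protocol: str, port: int, ip: str) -> bool:
    """Evaluate the union of all attached groups. There are no deny rules: traffic is
    allowed if any rule in any group matches, otherwise it is dropped."""
    return any(rule_matches(r, protocol, port, ip) for g in groups for r in g)

def response_allowed(groups, protocol: str, port: int, src_ip: str) -> bool:
    """Security groups are stateful: once an inbound request is allowed, the reply is
    allowed regardless of the outbound table, so no outbound rule is consulted here."""
    return is_allowed(groups, protocol, port, src_ip)

def world_open_rules(groups):
    """Review check: rules whose CIDR is 0.0.0.0/0 or ::/0 (open to the whole internet)."""
    return [r for g in groups for r in g
            if ipaddress.ip_network(r.cidr, strict=False).prefixlen == 0]

# Constructed sample groups (hypothetical, not from the article).
WEB_SG = [Rule("tcp", 80, 80, "0.0.0.0/0"), Rule("tcp", 443, 443, "0.0.0.0/0")]
ADMIN_SG = [Rule("tcp", 22, 22, "203.0.113.0/24")]      # SSH only from one office range
INTERNAL_SG = [Rule("all", 0, 65535, "10.0.0.0/16")]    # any protocol from inside the VPC

if __name__ == "__main__":
    attached = [WEB_SG, ADMIN_SG]   # an instance with two security groups attached
    print(is_allowed(attached, "tcp", 22, "203.0.113.7"))    # True: ADMIN_SG matches
    print(is_allowed(attached, "tcp", 22, "198.51.100.9"))   # False: no rule matches
    print(is_allowed([WEB_SG], "tcp", 22, "203.0.113.7"))    # False: ADMIN_SG not attached
    print([r.cidr for r in world_open_rules(attached)])      # ['0.0.0.0/0', '0.0.0.0/0']
```

Running world_open_rules over a real account's exported rules is a quick way to find ports exposed to the whole internet that should be narrowed to a specific CIDR.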

