Security Groups
Introduction
• Security Groups are fundamental to network security in AWS
• They control how traffic is allowed into or out of our EC2 Instances.
• Security groups only contain allow rules (there is no deny rule type)
• Security group rules can reference an IP range or another security group
Deeper Dive
• Security groups act as a “firewall” on EC2 instances
• They regulate:
Access to Ports
Authorised IP ranges – IPv4 and IPv6
Control of inbound network (from other to the instance)
Control of outbound network (from the instance to other)
Diagram
Good to know
• Can be attached to multiple instances
• Locked down to a region / VPC combination
• Lives “outside” the EC2 instance – if traffic is blocked, the instance won’t see it
• It’s good to maintain one separate security group for SSH access
• If your application is not accessible (times out), then it’s a security group issue
• If your application gives a “connection refused” error, then it’s an application error or it’s not launched
• All inbound traffic is blocked by default
• All outbound traffic is authorised by default
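The timeout-versus-refused rule of thumb above can be turned into a small triage helper. This is an added example, not part of the original notes: a timeout means the packets were dropped before they reached the instance (the security-group symptom, since a blocked instance never sees the traffic), while “connection refused” means the instance answered and nothing is listening on that port. The local listener and closed port used in `self_check` are constructed so the two reachable cases run offline; a real timeout needs a path that actually drops packets.

```python
"""Triage a failed TCP connection the way the notes describe it.

Added example, not from the notes or from AWS. A timeout points at the
security group (traffic dropped before the instance); "connection refused"
points at the application (instance reachable, port closed). The loopback
listener and closed port in self_check are constructed test fixtures.
"""
import socket
from contextlib import closing
from typing import Optional

SG_HINT = "timeout: packets dropped before the instance, check the security group rules"
APP_HINT = "refused: instance reachable, the application is not listening or not started"
OPEN = "open: port reachable and a process is listening"


def diagnose(error: Optional[BaseException]) -> str:
    """Map what the client observed to the most likely cause."""
    if error is None:
        return OPEN
    if isinstance(error, socket.timeout):          # alias of TimeoutError on 3.10+
        return SG_HINT
    if isinstance(error, ConnectionRefusedError):  # RST received: host up, port closed
        return APP_HINT
    return f"other: {error!r}"                      # e.g. DNS failure, no route to host


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt a TCP handshake and return the diagnosis string."""
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return diagnose(None)
    except OSError as err:                           # socket.timeout and refused are OSErrors
        return diagnose(err)


def self_check() -> dict:
    """Reproduce the two locally reproducible cases against a constructed listener."""
    with closing(socket.socket()) as listener:
        listener.bind(("127.0.0.1", 0))              # constructed: any free loopback port
        listener.listen(1)
        port = listener.getsockname()[1]
        listening = probe("127.0.0.1", port, timeout=1.0)
    # The listener is closed now, so the same port answers with RST.
    closed = probe("127.0.0.1", port, timeout=1.0)
    return {
        "listening": listening,
        "closed": closed,
        "timeout": diagnose(socket.timeout("timed out")),  # synthesised: needs a dropped path
    }


if __name__ == "__main__":
    for case, verdict in self_check().items():
        print(f"{case:10} -> {verdict}")
```

Run it against your instance’s public address and port (`probe(host, 22)`) from the machine that cannot connect; the first word of the result tells you which side to look at first.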
Referencing other security groups
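The rule semantics described in this page (allow rules only, inbound denied by default, outbound open by default, sources given as IPv4/IPv6 CIDRs or as a reference to another security group, several groups attached to one instance) can be modelled in a few dozen lines. The following is an added example and not AWS code or the course’s own material: it is a toy evaluator, and the group IDs (`sg-ssh`, `sg-web`, `sg-db`), CIDRs and instance layout are constructed. It goes slightly beyond the slides by showing that `0.0.0.0/0` does not admit IPv6 clients and that a group reference matches the peer’s attached groups, not its address.

```python
"""Toy model of EC2 security-group rule evaluation.

Added example, not AWS code: it mirrors the semantics in the notes so they
can be exercised offline. Group IDs, CIDRs and ports are constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional

ALL = "-1"  # AWS uses protocol -1 for "all traffic" (every protocol, every port)


@dataclass(frozen=True)
class Rule:
    """A single ALLOW rule. There is no deny rule type: unmatched traffic is dropped."""
    protocol: str                    # "tcp", "udp", "icmp" or ALL
    from_port: int = 0
    to_port: int = 65535
    cidr: Optional[str] = None       # IPv4 or IPv6 range, e.g. "203.0.113.0/24"
    source_sg: Optional[str] = None  # or a reference to another group, e.g. "sg-web"


@dataclass
class SecurityGroup:
    group_id: str
    inbound: List[Rule] = field(default_factory=list)   # empty list: all inbound blocked
    outbound: List[Rule] = field(default_factory=list)


def new_default_group(group_id: str) -> SecurityGroup:
    """A freshly created group: no inbound rules, outbound open to IPv4 and IPv6."""
    return SecurityGroup(group_id, inbound=[],
                         outbound=[Rule(ALL, cidr="0.0.0.0/0"), Rule(ALL, cidr="::/0")])


@dataclass(frozen=True)
class Flow:
    """One connection attempt, seen from the instance's point of view."""
    protocol: str
    port: int
    peer_ip: str                                # the other end's address
    peer_groups: FrozenSet[str] = frozenset()   # groups attached to the peer, if it is in the VPC


def rule_matches(rule: Rule, flow: Flow) -> bool:
    if rule.protocol != ALL:
        if rule.protocol != flow.protocol:
            return False
        if not rule.from_port <= flow.port <= rule.to_port:
            return False
    if rule.cidr is not None:
        # An IPv4 address is never inside an IPv6 network (and vice versa):
        # 0.0.0.0/0 does not admit IPv6 clients, ::/0 must be a separate rule.
        return ip_address(flow.peer_ip) in ip_network(rule.cidr, strict=False)
    # Group reference: matched by the peer's attached groups, not by its IP.
    return rule.source_sg is not None and rule.source_sg in flow.peer_groups


def is_allowed(groups: List[SecurityGroup], flow: Flow, direction: str) -> bool:
    """An instance may carry several groups; the union of their rules applies."""
    for sg in groups:
        rules = sg.inbound if direction == "inbound" else sg.outbound
        if any(rule_matches(r, flow) for r in rules):
            return True
    return False  # nothing matched: dropped, the instance never sees it


def demo() -> dict:
    # Constructed layout: a separate SSH group, a web group, and a DB group that
    # trusts the web tier by group reference rather than by address.
    sg_ssh = new_default_group("sg-ssh")
    sg_ssh.inbound.append(Rule("tcp", 22, 22, cidr="203.0.113.0/24"))   # admin range only
    sg_web = new_default_group("sg-web")
    sg_web.inbound += [Rule("tcp", 80, 80, cidr="0.0.0.0/0"),
                       Rule("tcp", 443, 443, cidr="0.0.0.0/0"),
                       Rule("tcp", 443, 443, cidr="::/0")]
    sg_db = new_default_group("sg-db")
    sg_db.inbound.append(Rule("tcp", 3306, 3306, source_sg="sg-web"))

    web_instance = [sg_web, sg_ssh]   # one instance, two groups attached
    db_instance = [sg_db]
    return {
        "ssh_from_admin":    is_allowed(web_instance, Flow("tcp", 22, "203.0.113.7"), "inbound"),
        "ssh_from_other":    is_allowed(web_instance, Flow("tcp", 22, "198.51.100.9"), "inbound"),
        "https_ipv6":        is_allowed(web_instance, Flow("tcp", 443, "2001:db8::1"), "inbound"),
        "http_ipv6":         is_allowed(web_instance, Flow("tcp", 80, "2001:db8::1"), "inbound"),
        "db_from_web_tier":  is_allowed(db_instance, Flow("tcp", 3306, "10.0.1.5", frozenset({"sg-web"})), "inbound"),
        "db_same_ip_no_sg":  is_allowed(db_instance, Flow("tcp", 3306, "10.0.1.5"), "inbound"),
        "outbound_default":  is_allowed(db_instance, Flow("tcp", 443, "2001:db8::53"), "outbound"),
        "inbound_new_group": is_allowed([new_default_group("sg-new")], Flow("tcp", 80, "10.0.0.9"), "inbound"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {'ALLOW' if verdict else 'DROP'}")
```

The `db_same_ip_no_sg` case is the one to note: the same source address is dropped once it no longer carries `sg-web`, which is why referencing a group is more robust than whitelisting the web tier’s private IPs.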
Classic Ports to know
• 22 = SSH (Secure Shell) – log into a Linux instance
• 21 = FTP (File Transfer Protocol) – upload files into a file share
• 22 = SFTP (Secure File Transfer Protocol) – upload files using SSH
• 80 = HTTP – access unsecured websites
• 443 = HTTPS – access secured websites
• 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance