Security Groups

Introduction

• Security Groups are fundamental to network security in AWS

• They control how traffic is allowed into or out of our EC2 Instances.

• Security groups only contain rules

• Security groups rules can be referenced by IP or by security group

Deeper Dive

• Security groups are acting as a “firewall” on EC2 instances

• They regulate:

• Access to Ports

• Authorised IP ranges – IPv4 and IPv6

• Control of inbound network (from other to the instance)

• Control of outbound network (from the instance to other)

Diagram

Good to know

• Can be attached to multiple instances

• Locked down to a region / VPC combination

• Does live “outside” the EC2 – if traffic is blocked the EC2 instance won’t see it

• It’s good to maintain one separate security group for SSH access

• If your application is not accessible (time out), then it’s a security group issue

• If your application gives a “connection refused“ error, then it’s an application error or it’s not launched

• All inbound traffic is blocked by default

• All outbound traffic is authorised by default

Referencing other security groups

Classic Ports to know

• 22 = SSH (Secure Shell) - log into a Linux instance

• 21 = FTP (File Transfer Protocol) – upload files into a file share

• 22 = SFTP (Secure File Transfer Protocol) – upload files using SSH

• 80 = HTTP – access unsecured websites

• 443 = HTTPS – access secured websites

• 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance