Understanding Security Groups in AWS EC2
Introduction
Security groups in AWS act as virtual firewalls for EC2 instances (strictly, for the elastic network interfaces attached to them), controlling inbound and outbound traffic. Unlike traditional firewalls, security groups contain only allow rules: they define what is permitted, and anything that matches no rule is dropped. There is no way to write an explicit deny. In this lecture, we will cover the fundamentals of security groups, how their rules are evaluated, and best practices for configuring them.
1. What Are Security Groups?
- Security groups are stateful firewalls attached to EC2 instances. If a connection is allowed in one direction, its reply traffic is allowed automatically, regardless of the rules in the other direction.
- They define inbound rules (incoming traffic) and outbound rules (outgoing traffic).
- Security groups only allow traffic; they do not contain deny rules. Traffic that matches no rule is dropped (implicit deny), so to block a specific address you need a network ACL, not a security group.
- The source of an inbound rule (or destination of an outbound rule) can be:
- A CIDR block (e.g., a single address as a /32, to allow access only from a known location).
- Another security group. Traffic is then matched on the sending instance's group membership rather than its IP address, which is useful for inter-instance communication because the rule keeps working when instances are replaced and get new addresses.
2. How Security Groups Work
Inbound and Outbound Rules
- Inbound rules: Define traffic allowed into the instance.
- Outbound rules: Define traffic allowed out of the instance (default: a newly created security group allows all outbound traffic and no inbound traffic until you add rules).
Example Scenario
- A user on the public internet wants to SSH into an EC2 instance.
- A security group is attached to the EC2 instance.
- The security group has an inbound rule allowing TCP port 22 with the source restricted to the user's IP address (a /32).
- A connection attempt from any other IP address matches no rule and is dropped. Because the drop is silent, the client sees a connection timeout rather than a connection refused.
| Type  | Protocol | Port Range | Source               |
|-------|----------|------------|----------------------|
| SSH   | TCP      | 22         | My IP (xx.xx.xx.xx)  |
| HTTP  | TCP      | 80         | 0.0.0.0/0 (Anywhere) |
| HTTPS | TCP      | 443        | 0.0.0.0/0 (Anywhere) |
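To make the evaluation rules concrete, here is a small Python model of how a security group decides whether to pass a packet. It is an added example for this lecture, not AWS code, and it calls no AWS API: it encodes the rule table above for a hypothetical group `sg-web`, with the constructed address 203.0.113.10 standing in for "My IP", and then goes beyond the table to show the three behaviours described in sections 1 and 2 that the table alone does not make visible: implicit deny, stateful return traffic, and rules that reference another security group (`sg-db` trusting `sg-web`). All group IDs and addresses are constructed for illustration.

```python
# Toy model of EC2 security-group evaluation. Added example for this lecture;
# not AWS code, and it does not call any AWS API. Group IDs, addresses and rules
# are constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

ALL = "-1"  # AWS uses protocol -1 to mean "all traffic" (all ports)


@dataclass(frozen=True)
class Rule:
    protocol: str                    # "tcp", "udp", "icmp" or ALL
    from_port: int = 0
    to_port: int = 65535
    cidr: Optional[str] = None       # peer CIDR, e.g. "0.0.0.0/0" or "203.0.113.10/32"
    group: Optional[str] = None      # or a peer security group, e.g. "sg-web"

    def matches(self, protocol: str, port: int, peer_ip: str, peer_groups: frozenset) -> bool:
        if self.protocol != ALL:
            if self.protocol != protocol or not (self.from_port <= port <= self.to_port):
                return False
        if self.cidr is not None:
            # CIDR rules match on the peer's address.
            return ip_address(peer_ip) in ip_network(self.cidr, strict=False)
        # Group-referenced rules match on the peer's group membership, not its IP.
        return self.group is not None and self.group in peer_groups


@dataclass
class SecurityGroup:
    group_id: str
    inbound: List[Rule] = field(default_factory=list)        # new group: nothing in
    outbound: List[Rule] = field(default_factory=lambda: [Rule(ALL, cidr="0.0.0.0/0")])  # all out


class Instance:
    """An instance with one security group and a stateful connection table."""

    def __init__(self, sg: SecurityGroup):
        self.sg = sg
        self._flows = set()  # (protocol, peer_ip, peer_port, local_port)

    def inbound(self, protocol, src_ip, src_port, dst_port, src_groups=()) -> bool:
        key = (protocol, src_ip, src_port, dst_port)
        if key in self._flows:
            return True  # stateful: reply to a flow this instance opened, no rule needed
        allowed = any(r.matches(protocol, dst_port, src_ip, frozenset(src_groups)) for r in self.sg.inbound)
        if allowed:
            self._flows.add(key)  # so our replies leave regardless of outbound rules
        return allowed  # no matching allow rule == implicit deny; there is nothing else to write

    def outbound(self, protocol, dst_ip, dst_port, src_port, dst_groups=()) -> bool:
        key = (protocol, dst_ip, dst_port, src_port)
        if key in self._flows:
            return True
        allowed = any(r.matches(protocol, dst_port, dst_ip, frozenset(dst_groups)) for r in self.sg.outbound)
        if allowed:
            self._flows.add(key)
        return allowed


MY_IP = "203.0.113.10"  # constructed stand-in for the "My IP" entry in the table

# The rule table from the lecture, for a hypothetical web-tier group.
WEB_SG = SecurityGroup("sg-web", inbound=[
    Rule("tcp", 22, 22, cidr=f"{MY_IP}/32"),    # SSH from my IP only
    Rule("tcp", 80, 80, cidr="0.0.0.0/0"),      # HTTP from anywhere
    Rule("tcp", 443, 443, cidr="0.0.0.0/0"),    # HTTPS from anywhere
])
# A database tier that trusts the web tier by group reference, not by address.
DB_SG = SecurityGroup("sg-db", inbound=[Rule("tcp", 5432, 5432, group="sg-web")])


def demo() -> dict:
    web, db = Instance(WEB_SG), Instance(DB_SG)
    r = {
        "ssh_from_my_ip": web.inbound("tcp", MY_IP, 50000, 22),
        "ssh_from_elsewhere": web.inbound("tcp", "198.51.100.7", 50000, 22),       # implicit deny
        "http_from_elsewhere": web.inbound("tcp", "198.51.100.7", 50001, 80),
        "port_8080_from_anywhere": web.inbound("tcp", "198.51.100.7", 50002, 8080),  # no rule: dropped
    }
    # Stateful return traffic: the instance opens tcp/443 outbound (default rule allows it);
    # the reply arrives on an ephemeral port with no inbound rule and is still allowed.
    r["outbound_https"] = web.outbound("tcp", "198.51.100.7", 443, 49152)
    r["https_reply_in"] = web.inbound("tcp", "198.51.100.7", 443, 49152)
    # Group reference: same source IP, allowed only when the sender is a member of sg-web.
    r["db_from_web_tier"] = db.inbound("tcp", "10.0.1.5", 40000, 5432, src_groups={"sg-web"})
    r["db_from_unknown_host"] = db.inbound("tcp", "10.0.1.5", 40001, 5432)
    # Rules are a union of allows: adding "SSH from my IP" beside an existing
    # "SSH from anywhere" rule narrows nothing, because there is no deny to express.
    loose = Instance(SecurityGroup("sg-loose", inbound=[
        Rule("tcp", 22, 22, cidr="0.0.0.0/0"), Rule("tcp", 22, 22, cidr=f"{MY_IP}/32")]))
    r["ssh_union_still_open"] = loose.inbound("tcp", "198.51.100.7", 50003, 22)
    return r


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:26} {'ALLOW' if allowed else 'DROP (no matching allow rule)'}")
```

Run it with `python3 model.py` (any file name will do). The last case is the one most often misunderstood in practice: when an audit finds SSH open to 0.0.0.0/0, the fix is to remove that rule, not to add a narrower one next to it.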