Security Groups

  1. Security Groups are virtual firewalls at the instance level
  2. 1 or more security groups can be assigned to an EC2 instance
    1. When more than one SG is assigned to an EC2 instance, all the (ALLOW) rules of those SGs are aggregated
    2. SGs can’t be assigned to subnets or VPCs
  3. Security Groups belong to a VPC. They can’t be shared across VPCs
  4. Traffic
    1. Rules will only ALLOW traffic. No DENY rules.
    2. Each rule specifies a type, protocol/port (for example RDP 3389, MySQL/Aurora 3306) and a source (inbound) or destination (outbound) for the allowed traffic
    3. When you create a new SG, by default two rules are created
      1. All inbound traffic is allowed from within the same SG (rule 1)
      2. No inbound traffic is allowed from outside (no rule)
      3. Outbound traffic to all destinations is ALLOWED (rule 2)
  5. SGs are stateful (unlike Network ACLs), meaning if a protocol (say HTTP) is allowed inbound, then when a request comes in, the corresponding reply packets are allowed outbound irrespective of outbound rules, thus maintaining state.
  6. Any changes to SGs will be effective immediately. No need to stop/start EC2
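As an added example (not part of the original notes), here is a small Python model of the rule semantics described above: ALLOW-only rules aggregated across every SG attached to an instance, the self-referencing default inbound rule, and stateful handling of reply traffic. The group ids, addresses and ports are constructed for illustration; the `Instance` class is a local model, not the AWS API.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str    # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int
    to_port: int
    source: str      # a CIDR, or an "sg-..." id to reference members of a security group

@dataclass
class SecurityGroup:
    sg_id: str
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)

def default_sg(sg_id: str) -> SecurityGroup:
    """The two default rules from the notes: inbound from the same SG, outbound to anywhere."""
    return SecurityGroup(sg_id, inbound=[Rule("-1", 0, 65535, sg_id)],
                         outbound=[Rule("-1", 0, 65535, "0.0.0.0/0")])

def _matches(rule: Rule, protocol: str, port: int, peer_ip: str, peer_groups) -> bool:
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):           # SG reference: match on the peer's group membership
        return rule.source in peer_groups
    return ip_address(peer_ip) in ip_network(rule.source)

class Instance:
    """An EC2 instance with one or more SGs attached (constructed model, not the AWS API)."""
    def __init__(self, ip: str, groups: list):
        self.ip, self.groups = ip, groups
        self._flows = set()   # connection tracking: (protocol, local_port, peer_ip, peer_port)

    def inbound(self, protocol, local_port, peer_ip, peer_port, peer_groups=()) -> bool:
        # Every attached SG's rules are aggregated; any matching ALLOW admits the packet (no DENY rules).
        rules = [r for sg in self.groups for r in sg.inbound]
        ok = any(_matches(r, protocol, local_port, peer_ip, peer_groups) for r in rules)
        if ok:
            self._flows.add((protocol, local_port, peer_ip, peer_port))
        return ok

    def outbound(self, protocol, peer_ip, peer_port, local_port=0, peer_groups=()) -> bool:
        # Stateful: a reply to an accepted inbound flow passes regardless of outbound rules.
        if (protocol, local_port, peer_ip, peer_port) in self._flows:
            return True
        rules = [r for sg in self.groups for r in sg.outbound]
        return any(_matches(r, protocol, peer_port, peer_ip, peer_groups) for r in rules)
```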
Copyright 2005-2016 KnowledgeHills.