Security Groups

Amazon Security Groups
- Security Groups are the fundamentals of network security in AWS
- They control how traffic is allowed in or out of our EC2 instances
- Security Groups only contain allow rules; there are no deny rules, so anything that is not explicitly allowed is dropped
- Security Group rules can reference an IP range or another Security Group
- Security Groups act as a virtual "firewall" for EC2 instances
Security Groups scope
- Access to ports
- Authorized IP ranges - IPv4 and IPv6
- Control inbound network traffic
- Control outbound network traffic
Security Groups principles
- Can be attached to multiple instances (and an instance can have several Security Groups attached; their rules are combined)
- Locked down to a region / VPC combination
- Lives "outside" of an EC2 instance - if traffic is blocked, EC2 won't see it
- It's a good practice to maintain one separate SG for SSH access
- If the application is not reachable (the connection times out), the traffic is being dropped before it reaches the instance, so it's a Security Group issue
- If the application returns a "connection refused" error, the packet did reach the instance, so the Security Group is not the problem: it's an application error or the application is not running on that port
- All inbound traffic is blocked by default
- All outbound traffic is allowed by default
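As an added example, not part of the course notes, this is how the layout described above (one dedicated SG for SSH, one SG for the application that references another SG instead of an IP range) looks in Terraform using the AWS provider v5 rule resources. The VPC id, the admin CIDR and the load balancer's Security Group id are placeholder variables you must set, and port 8080 for the application is an assumption.

```hcl
# Added example (not from the course notes). Two security groups meant to be attached
# to the same EC2 instance. The variables below are placeholders for this example.

variable "vpc_id"     { type = string } # VPC the instance lives in
variable "admin_cidr" { type = string } # e.g. "203.0.113.10/32": your office/VPN egress IP
variable "alb_sg_id"  { type = string } # SG attached to the load balancer in front of the app

# 1. A dedicated SG for SSH. Keeping it separate lets you attach or detach SSH
#    access per instance and audit every SSH rule in one place.
resource "aws_security_group" "ssh" {
  name        = "ssh-admin"
  description = "SSH from the admin network only"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "ssh_from_admin" {
  security_group_id = aws_security_group.ssh.id
  description       = "SSH from the admin CIDR, never 0.0.0.0/0"
  cidr_ipv4         = var.admin_cidr
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

# 2. The application SG. The inbound rule references the load balancer's SG
#    rather than an IP range, so only instances carrying that SG can reach
#    port 8080 (assumed app port), even if their IPs change.
resource "aws_security_group" "app" {
  name        = "app-web"
  description = "App traffic from the load balancer"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "app_from_alb" {
  security_group_id            = aws_security_group.app.id
  description                  = "App port from the ALB security group"
  referenced_security_group_id = var.alb_sg_id
  ip_protocol                  = "tcp"
  from_port                    = 8080
  to_port                      = 8080
}

# Caveat: a new SG created in the console gets an allow-all egress rule, but the
# Terraform aws_security_group resource removes that default rule, so the
# "all outbound allowed" behaviour has to be declared explicitly.
resource "aws_vpc_security_group_egress_rule" "app_all_out" {
  security_group_id = aws_security_group.app.id
  description       = "Allow all outbound (the default you get in the console)"
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # all protocols; from_port/to_port must be omitted for -1
}
```

Because rules are allow-only and the rules of all attached SGs are combined, an instance with both `ssh-admin` and `app-web` attached accepts exactly two kinds of inbound traffic: TCP/22 from the admin CIDR and TCP/8080 from the load balancer. Everything else is dropped before it reaches the instance, which is why a blocked client sees a timeout rather than "connection refused".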
» Sources «
Full YouTube Rahul’s AWS Course: https://www.youtube.com/playlist?list=PL7iMyoQPMtAN4xl6oWzafqJebfay7K8KP
» Disclaimer «
Disclaimer: Content for educational purposes only, no rights reserved.
Most of the content in this series comes from Stephane Maarek's Ultimate AWS Certified Cloud Practitioner CLF-C02 2025 course on Udemy.
I highly encourage you to take Stephane's courses as they are awesome and really help with understanding the subject.
More about Stephane Maarek:
This article is just a summary and has been published to help me learn and pass the practitioner exam.