Back
Security Groups in AWS

Security Groups in AWS

Security Groups in AWS

I am sure that while working on Security groups, we do ponder about Firewalls and Rules i.e. allowing or denying traffic based on hardware or software firewalls. In case of AWS security groups are very similar to NACL’s in that they allow/deny traffic based on subnet Level with caveat that security groups are found on the instance Level. In scenario of AWS, access is allowed/denied based on an instance level .As an example – If instance security group deny HTTP traffic to come in, then no one can access HTTP application hosted on that system. This feature gives the flexibility to decide at instance level, whether traffic should be accepted and dropped.

  • A security groups acts as a Virtual Factory that controls the traffic for one or more instances.
  • Multiple Security groups can be associated with the instance
  • We can add rules to each security group that allows traffic to or from its associated instances.
  • We can modify the rules for a security group at any time, the new rules are automatically applied to all instances that are associated with the security group.
  • NACL’s evaluate the rules from lowest to highest when a match is found on 2 or 3 ACL. All the remaining rules are discarded, but in security groups it will always evaluate all the rules from all the security groups that are associated with the instance and then decide what to do.

Let’s see how to create Inbound and outbound rules in security groups of AWS. When we create a new security group in AWS, all the inbound traffic is denied by default and all the outbound traffic is allowed by default.

  • All traffic is DENIED unless there is an EXPLICIT ALLOW rule for it
  • There are no DENY rules only ALLOW rules

Steps –

Create a New security group. Notable is that by default there is a security group in AWS in which traffic is denied for all the inbound traffic and allowed for all the outbound traffic.

Add rule for allowing anywhere incoming traffic and outgoing traffic for HTTP only.

Then click create!!

Allow SSH for only one subnet in VPC for incoming and outgoing traffic.

Again click create!!

And we are done with creation of a sample Security Group in AWS. Hope the article was helpful and explained AWS related terminologies in simple words.

Related – Autoscaling in AWS

Tag:,

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being - "The more you share, the more you learn."

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that "learning is a constant process of discovering yourself."
- Rashmi Bhardwaj (Author/Editor)

You may also like

Simplifying Power over Ethernet PoE Installation
Simplifying Power over Ethernet PoE Installation
19 November, 2024
Cloudflare – What is it
What is Cloudflare? Working, Uses, Pros & Cons
14 November, 2024
Configure DHCP Relay Traffic to Use SD-WAN Rules
Configure DHCP Relay Traffic to Use SD-WAN Rules
12 November, 2024

Leave A Reply

Your email address will not be published. Required fields are marked *

two × two =

Select your currency
USD United States (US) dollar
INR Indian rupee