Security group basics (How and why to use).

894    Asked by PaulWhite in AWS , Asked on Jan 29, 2020
Answered by Paul White

 The first line of defense to any launched instance or for any AWS resource is VPC, which is defined for the entire network. The 2nd line of defense comes by “Security Groups” which are individually defined for every instance.

The security group contains 2 rules: 1st “Inbound” and 2nd “Outbound”.

Inbound Rules - Are defined for the traffic coming to instance, and hence everything is blocked by default except SSH (else one will not be able to ssh the instance after launch).

Outbound Rules - Are defined for traffic going out of the machine and hence, by default everything is allowed.

Eg - Let’s say you’ve configured Apache on EC2 instance, then a http rule for port 80/443 should be allowed within Inbound (so that the url hit can be accessed and processed from browser) and so should be allowed in outbound also.



Your Answer

Interviews

Parent Categories