Create A Custom VPC Security Group

Hello Everyone

Welcome to CloudAffaire and this is Debjeet

In the last blog post, we created a peering connection between two cross-region VPCs in the same AWS account.

https://cloudaffaire.com/create-a-vpc-peering/

In this blog post, we are going to create a custom VPC security group and enable SSH. Below is the configuration diagram for this demo.

[Figure: configuration diagram for this demo]

Security Group:

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don’t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC. For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic. This section describes the basic things you need to know about security groups for your VPC and their rules.

In this demo, we are going to create a custom VPC security group and deploy an EC2 instance with this custom security group. To perform this demo you need one VPC with a public subnet.

We have already created the VPCs and subnets.

Next, we are going to create a custom security group for this VPC.

Create a custom security group:

Step 1: Login to AWS console and navigate to ‘VPC’.

Step 2: Navigate to ‘Security Groups’ and click ‘Create security group’.

Observed: One default security group has already been created for this VPC. Whenever you create a VPC, one security group is automatically created with it and is used as the default security group if you don’t explicitly choose a custom security group during instance creation.

Step 3: Provide name, description and select the VPC. Click ‘Create’.

A success message will be displayed; click ‘Close’.

Our new custom security group has been created successfully.

Inbound rules:

Note: By default, no inbound rules are added to a new security group.

Outbound rules:

Note: By default, all outbound connections are allowed.

Next, create an EC2 instance in this VPC and public subnet with the new security group.

Since no inbound rule is enabled, if you try to connect to your EC2 instance over the internet, the connection will fail.

Next, we are going to enable SSH on port 22 in our custom security group.

Step 4: Select the security group and click ‘Edit rules’ located under ‘Inbound Rules’.

Step 5: Click ‘Add Rule’. Provide the type, protocol, port and source information for the rule. Click ‘Save’.

Note: We are explicitly providing our host system’s IP as the source. Hence no other system will be able to connect.

Inbound rule for SSH successfully enabled.

Note: Security group rules are stateful, meaning that if we define an inbound or outbound rule, the response to that traffic is automatically allowed. Hence we don’t need to add an outbound rule for SSH.

Now, if you try to connect to the EC2 instance, the connection will succeed.

Observe: Though we are able to connect to the EC2 instance from our host system, it still does not respond to ping. In order to enable ping, we need to add another rule to our security group for ping (ICMP).

Step 6: Add another inbound rule for PING.

If we try to ping the EC2 instance now, it responds.
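The behaviour walked through in Steps 4 to 6 (inbound default-deny, outbound default-allow, stateful return traffic, a /32 source for SSH, and ping needing its own ICMP rule) can be replayed in code. The following is an added example written for this post; it is not code from the article or from AWS, and it is a simplified model rather than the real EC2 data plane: rule matching is reduced to protocol, port range and CIDR, statefulness is modelled with a plain connection-tracking set, and the IP addresses (203.0.113.10 as the admin host, 198.51.100.7 as some other internet host) are constructed sample values. The `overly_broad_admin_rules` audit helper is also an addition, showing the check a defender would run to catch the opposite of what this post does (SSH open to 0.0.0.0/0 instead of a single host).

```python
# Added example (not from the original article or from AWS): a small model
# of the security-group semantics the post walks through. Simplified on
# purpose; host and peer IPs below are constructed sample values.
import ipaddress
from dataclasses import dataclass, field

ALL = "-1"  # AWS's marker for "all protocols / all ports"


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp" or ALL
    from_port: int  # start of port range; ignored for icmp/ALL
    to_port: int    # end of port range; ignored for icmp/ALL
    cidr: str       # source CIDR (inbound) or destination CIDR (outbound)

    def matches(self, protocol: str, port: int, peer_ip: str) -> bool:
        if self.protocol != ALL and self.protocol != protocol:
            return False
        if self.protocol not in ("icmp", ALL) and not (self.from_port <= port <= self.to_port):
            return False
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)


@dataclass
class SecurityGroup:
    name: str
    # A new group starts with no inbound rules (everything inbound is dropped) ...
    inbound: list = field(default_factory=list)
    # ... and one outbound rule allowing everything.
    outbound: list = field(default_factory=lambda: [Rule(ALL, 0, 65535, "0.0.0.0/0")])
    # Connection-tracking set standing in for the stateful behaviour: once a
    # flow is accepted in one direction, its reverse passes without a rule.
    flows: set = field(default_factory=set)

    def _evaluate(self, rules: list, protocol: str, port: int, peer_ip: str) -> bool:
        key = (protocol, port, peer_ip)
        if key in self.flows:
            return True  # return traffic for an already established flow
        if any(r.matches(protocol, port, peer_ip) for r in rules):
            self.flows.add(key)
            return True
        return False  # no matching rule: security groups have no explicit deny

    def inbound_allowed(self, protocol: str, port: int, peer_ip: str) -> bool:
        return self._evaluate(self.inbound, protocol, port, peer_ip)

    def outbound_allowed(self, protocol: str, port: int, peer_ip: str) -> bool:
        return self._evaluate(self.outbound, protocol, port, peer_ip)


def overly_broad_admin_rules(sg: SecurityGroup) -> list:
    """Audit helper: inbound rules exposing SSH (22) or RDP (3389) to the
    whole internet, the opposite of the single-host source used in the post."""
    findings = []
    for r in sg.inbound:
        if ipaddress.ip_network(r.cidr).prefixlen != 0:
            continue  # a scoped source such as a /32 is what we want
        for port in (22, 3389):
            if r.protocol == ALL or (r.protocol == "tcp" and r.from_port <= port <= r.to_port):
                findings.append((r.cidr, port))
    return findings


HOST_IP = "203.0.113.10"   # constructed: the admin host's public IP
OTHER_IP = "198.51.100.7"  # constructed: some other host on the internet


def walkthrough() -> dict:
    """Replay the post's steps and record what each check observed."""
    sg = SecurityGroup("custom-sg")
    seen = {}
    # Fresh group: SSH from anywhere fails, but the instance can still reach out.
    seen["ssh_before_rule"] = sg.inbound_allowed("tcp", 22, HOST_IP)
    seen["outbound_https_default"] = sg.outbound_allowed("tcp", 443, OTHER_IP)
    # Step 5: allow SSH only from the host's own /32.
    sg.inbound.append(Rule("tcp", 22, 22, f"{HOST_IP}/32"))
    seen["ssh_from_host"] = sg.inbound_allowed("tcp", 22, HOST_IP)
    seen["ssh_from_other"] = sg.inbound_allowed("tcp", 22, OTHER_IP)
    # Stateful: the SSH replies still leave even with every outbound rule removed.
    sg.outbound.clear()
    seen["ssh_reply_without_outbound_rule"] = sg.outbound_allowed("tcp", 22, HOST_IP)
    # Ping is ICMP, not TCP/22, so it is dropped until Step 6 adds an ICMP rule.
    seen["ping_before_icmp_rule"] = sg.inbound_allowed("icmp", 0, HOST_IP)
    sg.inbound.append(Rule("icmp", -1, -1, f"{HOST_IP}/32"))
    seen["ping_after_icmp_rule"] = sg.inbound_allowed("icmp", 0, HOST_IP)
    return seen


if __name__ == "__main__":
    for check, allowed in walkthrough().items():
        print(f"{check}: {'allowed' if allowed else 'dropped'}")
```

The `flows` set is the part worth dwelling on: it is why the SSH reply passes after `sg.outbound.clear()`, which is exactly the point of the note above about not needing an outbound SSH rule. The audit helper only flags a rule when its source covers the entire address space, so the /32 this post uses is reported as clean.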

Hope you have enjoyed this article. In the next blog post, we are going to discuss network ACLs in VPC.

To get more details on VPC, please refer to the AWS documentation below:

https://docs.aws.amazon.com/vpc/index.html