Welcome to CloudAffaire and this is Debjeet
In the last blog post, we discussed how to create an AMI from an existing EC2 instance.
In this blog post, we are going to discuss security groups.
A security group acts as a virtual firewall that controls the traffic of one or more instances. During AWS account creation, one default VPC, along with a security group, is mapped to our account. During instance creation we can specify our own security group; otherwise the default security group is used as the instance's security group. We add rules to the security group to control inbound and outbound traffic to our instance, and whenever we add or edit rules, AWS applies them to the instance dynamically.
The security group mapped to an instance can be changed to another security group, and the new security group's rules are applied to the instance dynamically. Security groups are associated with the instance's primary network interface, so changing the instance's security groups also changes the security groups associated with that primary network interface. We can also associate a secondary network interface with a security group. Whenever we create a new VPC, a new security group mapped to that VPC is created. We can also implement our own firewall in addition to the security group.
Security group features
- By default, the security group allows all traffic.
- Security group rules are always permissive; we can’t create rules that deny access.
- Security group configurations are called rules.
- Incoming traffic is controlled by inbound rules and outgoing traffic is controlled by outbound rules.
- Security groups are stateful: if we send a request from our instance, the response traffic for that request is allowed in regardless of the inbound security group rules.
- We can change security group rules at any time, and the changes are applied dynamically to the instances associated with that security group.
- Multiple security groups can be configured for a single instance.
- One security group can govern multiple instances.
- Security groups support most common protocols and their associated port ranges.
- We can add a description to any rule configured in the security group.
- Security groups utilize connection tracking to track the traffic information.
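To make the allow-only, union and stateful behaviour in the list above concrete, here is a small Python model of how a security group evaluates packets. It is an added example, not code from AWS or from this blog; the `Rule` and `Instance` classes, the two sample groups and the sample addresses are all constructed for illustration.

```python
from typing import NamedTuple
from ipaddress import ip_address, ip_network
# Constructed model (not AWS code) of the semantics above: allow-only rules,
# a union across the groups on one interface, and connection tracking that
# lets reply traffic in regardless of the inbound rules.
class Rule(NamedTuple):
    direction: str  # "inbound" or "outbound"
    protocol: str   # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str       # peer range, e.g. "10.0.0.0/16"; "0.0.0.0/0" is any IPv4
    def matches(self, protocol, port, peer_ip):
        return (self.protocol in ("-1", protocol)
                and self.from_port <= port <= self.to_port
                and ip_address(peer_ip) in ip_network(self.cidr))

class Instance:
    def __init__(self, groups):
        self.groups = groups  # list of groups, each a list of Rule
        self.tracked = set()  # (protocol, local_port, peer_ip, peer_port)
    def _rule_allows(self, direction, protocol, port, peer_ip):
        # Union of all attached groups: one matching allow rule is enough, and
        # no rule type exists that could deny what another group allows.
        return any(r.matches(protocol, port, peer_ip)
                   for g in self.groups for r in g if r.direction == direction)
    def send(self, protocol, local_port, peer_ip, peer_port):
        # Outbound packet: checked against outbound rules, then tracked.
        if not self._rule_allows("outbound", protocol, peer_port, peer_ip):
            return False
        self.tracked.add((protocol, local_port, peer_ip, peer_port))
        return True
    def receive(self, protocol, local_port, peer_ip, peer_port):
        # Inbound packet: a reply to a tracked flow bypasses the inbound rules.
        if (protocol, local_port, peer_ip, peer_port) in self.tracked:
            return True
        return self._rule_allows("inbound", protocol, local_port, peer_ip)

def demo():  # web server with two groups attached; which packets get through?
    web_sg = [Rule("inbound", "tcp", 443, 443, "0.0.0.0/0"),
              Rule("outbound", "-1", 0, 65535, "0.0.0.0/0")]
    admin_sg = [Rule("inbound", "tcp", 22, 22, "10.0.0.0/16")]  # no outbound rule
    host = Instance([web_sg, admin_sg])
    return {"https_from_internet": host.receive("tcp", 443, "203.0.113.7", 51000),
            "ssh_from_vpc": host.receive("tcp", 22, "10.0.4.9", 51001),
            "ssh_from_internet": host.receive("tcp", 22, "203.0.113.7", 51002),
            "request_out": host.send("tcp", 40000, "198.51.100.20", 80),
            "reply_in": host.receive("tcp", 40000, "198.51.100.20", 80),
            "unsolicited_in": host.receive("tcp", 40000, "198.51.100.21", 80)}
```

Note that `ssh_from_vpc` is allowed only because the second group's rule is added to the union, and `reply_in` is allowed by connection tracking even though no inbound rule covers port 40000.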
Hope you have enjoyed this blog post. In the next blog, we are going to create one custom security group and assign it to an active EC2 instance.