Ec2 Security Group
Step-by-Step Guide to Creating and Configuring AWS Security Groups for EC2 Instances

Step-by-Step Guide to Creating and Configuring AWS Security Groups for EC2 Instances

Subhankar Paul's photo
Subhankar Paul
·

3 min read

Security Groups in AWS act as virtual firewalls, controlling inbound and outbound traffic for EC2 instances. Proper configuration ensures your resources are secure yet accessible. This guide walks you through creating, configuring, and managing Security Groups.

Prerequisites

  • An AWS account (Free Tier eligible).

  • Basic understanding of EC2 instances.

Step 1: Log into the AWS Management Console

  1. Go to AWS Console.

  2. Sign in with your credentials.

Step 2: Navigate to EC2 Security Groups

  1. From the Services menu, select EC2 under "Compute."

  2. In the left sidebar, click Security Groups (under "Network & Security").

Step 3: Create a Security Group

  1. Click Create security group.

  2. Fill in the details:

    • Security group name: E.g., Web-Server-SG.

    • Description: E.g., "Allow web and SSH traffic."

    • VPC: Leave as the default VPC.

Configure Inbound Rules

Add rules to control incoming traffic:

  1. Rule 1: SSH Access (Port 22)

    • Type: SSH.

    • Source: Choose My IP to restrict access to your IP. Alternatively, enter a specific IP in CIDR notation (e.g., 192.0.2.0/32).

  2. Rule 2: HTTP Access (Port 80)

    • Type: HTTP.

    • Source: 0.0.0.0/0 (public access for web traffic).

  3. Rule 3: HTTPS Access (Port 443)

    • Type: HTTPS.

    • Source: 0.0.0.0/0.

Configure Outbound Rules

By default, all outbound traffic is allowed. To restrict:

  1. Remove the default rule.

  2. Add custom rules (e.g., allow outbound HTTP/HTTPS for updates).

Step 4: Launch an EC2 Instance with the Security Group

  1. Return to the EC2 Dashboard and click Launch Instance.

  2. Choose an AMI (e.g., Amazon Linux 2 AMI).

  3. Select a t2.micro instance (Free Tier eligible).

  4. On the Configure Security Group page:

    • Select Select an existing security group.

    • Choose your newly created Web-Server-SG.

  5. Complete the setup and launch the instance.

Step 5: Modify Security Group Rules (Post-Launch)

  1. Go to Security Groups.

  2. Select your Security Group and click Edit inbound rules or Edit outbound rules.

  3. Add/remove rules as needed. For example:

    • Block a port: Delete the rule for port 22 if SSH access is no longer needed.

    • Allow a new service: Add a rule for MySQL (Port 3306) with a restricted source IP.

Best Practices for Security Groups

  1. Least Privilege: Only open necessary ports (e.g., avoid opening port 22 to 0.0.0.0/0).

  2. Use Specific IPs: Restrict sources to specific CIDR ranges.

  3. Layer Security: Use separate Security Groups for web servers, databases, and applications.

  4. Regular Audits: Review rules periodically to remove unused access.

Testing Your Configuration

  • SSH Access: Use ssh -i your-key.pem ec2-user@public-ip (replace with your instance’s IP).

  • Web Access: Open http://public-ip in a browser to test HTTP.

Conclusion

AWS Security Groups are essential for securing EC2 instances. By following this guide, you’ve learned to create, configure, and manage them effectively. Always prioritize minimal access and regular reviews to maintain a robust security posture in the cloud.

Devops#90daysofdevopsTrainWithShubhamCloudCloud Computingcloud nativeAWSAWS Community Builder