In this article, we are going to learn Security Groups Concepts – Create Custom Security Group in AWS Cloud. A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. If you don’t specify a security group, Amazon EC2 uses the default security group. You can add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time. New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance.
When you launch an instance in a VPC, you must specify a security group that’s created for that VPC. After you launch an instance, you can change its security groups. Security groups are associated with network interfaces. Changing an instance’s security groups changes the security groups associated with the primary network interface (eth0).
Create Custom Security Group:
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. To create a new security group, complete the fields below.
Search for VPC in the AWS console. In the left navigation pane, under Security, click Security Groups, and then click Create security group.
Enter a descriptive name and brief description, and choose the VPC in which to create the security group. The security group can only be used in the VPC in which it is created. You can also add custom inbound and outbound rules that control the traffic that’s allowed to reach and leave the resources that are associated with the security group.
Inbound rules and Outbound rules:
You can choose to add inbound and outbound rules at the time of creation, or you can add them at any time after you have created the security group. To add a security group rule, you must specify:
- The protocol to allow.
- The range of ports to allow.
- The traffic source to allow for inbound rules, or the traffic destination to allow for outbound rules.
- An optional description.
In the inbound rules of the security group, I will allow SSH, HTTP and HTTPS. You can set whatever rules your requirements call for.
In the outbound rules of the security group, I will allow All traffic. Again, set whatever your requirements call for.
Tags – optional:
A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs.
After all the above settings, click on “Create security group” and the security group will be created.
Now, under Security Groups, you will see the security group you created.
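The same group can be built without the console. The following added example (not code from the original article) assembles the inbound rules the steps above configure in the IpPermissions shape the EC2 API expects, renders the equivalent aws-cli calls, and runs a defender's sanity check that flags admin ports exposed to the whole internet. The group name, VPC id and CIDR blocks are constructed placeholders; the `SG_ID` shell variable is assumed to hold the id returned by the create call.

```python
"""Build and sanity-check the rules for a custom security group.

Added example, not code from the original article. The IpPermissions shape
(IpProtocol, FromPort, ToPort, IpRanges -> CidrIp/Description) is the real EC2
API payload used by `aws ec2 authorize-security-group-ingress`; the group name,
VPC id and CIDR blocks below are constructed placeholders.
"""
import ipaddress
import json
import shlex

# Well-known TCP ports for the three services the article allows inbound.
SERVICE_PORTS = {"SSH": 22, "HTTP": 80, "HTTPS": 443}


def cidr_rule(service, cidr, description=None):
    """One IpPermissions entry allowing TCP `service` from the given IPv4 CIDR."""
    ipaddress.IPv4Network(cidr, strict=True)  # raises ValueError on a bad CIDR
    port = SERVICE_PORTS[service]
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr, "Description": description or service}],
    }


def all_traffic_rule(cidr="0.0.0.0/0"):
    """The console's 'All traffic' rule: protocol -1, no port range."""
    return {"IpProtocol": "-1", "IpRanges": [{"CidrIp": cidr, "Description": "All traffic"}]}


def world_open_admin_ports(inbound_rules, admin_ports=(22, 3389)):
    """Defender's check: admin ports that any inbound rule exposes to 0.0.0.0/0 or ::/0."""
    exposed = set()
    for rule in inbound_rules:
        if rule["IpProtocol"] not in ("tcp", "-1"):
            continue
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if any(s in ("0.0.0.0/0", "::/0") for s in sources):
            exposed.update(p for p in admin_ports if lo <= p <= hi)
    return sorted(exposed)


def cli_commands(group_name, description, vpc_id, inbound_rules):
    """Render the aws-cli calls equivalent to the console steps above.

    Only ingress is authorized: a new group already carries the allow-all
    egress rule the article keeps, so nothing needs to be added outbound.
    """
    create = ("aws ec2 create-security-group"
              f" --group-name {shlex.quote(group_name)}"
              f" --description {shlex.quote(description)}"
              f" --vpc-id {shlex.quote(vpc_id)}")
    ingress = ("aws ec2 authorize-security-group-ingress --group-id \"$SG_ID\""
               f" --ip-permissions {shlex.quote(json.dumps(inbound_rules))}")
    return [create, ingress]


if __name__ == "__main__":
    rules = [
        cidr_rule("SSH", "203.0.113.0/24", "admin network (constructed)"),
        cidr_rule("HTTP", "0.0.0.0/0"),
        cidr_rule("HTTPS", "0.0.0.0/0"),
    ]
    print("world-exposed admin ports:", world_open_admin_ports(rules))
    for cmd in cli_commands("web-sg", "web tier: SSH from admin net, HTTP/HTTPS public",
                            "vpc-0123456789abcdef0", rules):
        print(cmd)
```

Restricting the SSH source to a known CIDR keeps `world_open_admin_ports` empty, while HTTP and HTTPS stay open to everyone as a web tier needs; the check is worth running over every group before the rules are applied.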
Security Group Points:
- A security group is a virtual firewall. It controls traffic at the virtual server (EC2 instance) level; more precisely, it is associated with the instance's virtual network interface, the ENI (Elastic Network Interface).
- It is a defense-in-depth control, effectively the last line of defense inside the VPC.
- An EC2 instance must have a security group at launch.
- Security groups are stateful, and their rules are directional (inbound or outbound).
- If inbound traffic is allowed, the return (outbound) traffic is allowed with no outbound rule required.
- If outbound traffic is allowed, the return (inbound) traffic is allowed with no inbound rule required.
- Security groups are essentially virtual firewalls that protect your virtual servers or EC2 instances.
- They can contain only PERMIT (allow) rules.
- DENY rules are not possible.
- All rules are evaluated looking for a matching permit rule; traffic that matches no rule is implicitly denied (the default).
- Default security group in a default or custom VPC:
  - Its inbound rule allows multiple EC2 instances assigned to the same default security group to talk to each other.
  - All outbound traffic is allowed by default.
- Custom security group in a default or custom VPC:
  - No inbound rules: all inbound traffic is denied by default.
  - All outbound traffic is allowed by default.
- All security group rules, inbound and outbound, can be changed (unlike a route table).
- The default security group cannot be deleted.
- Changes to a security group take effect immediately.
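The points above describe a small set of evaluation rules, and they are easiest to internalize by running them. The following added example (not code from the original article) is a simulation of that logic for one instance: permit-only rules unioned across every attached group, implicit deny for anything unmatched, stateful return traffic, and the default group's self-referencing rule versus a fresh custom group with no inbound rules. Group ids such as `sg-web` and the IP addresses are constructed placeholders.

```python
"""Model of how EC2 evaluates security-group rules for one instance.

Added example, not code from the original article: a small simulation of the
semantics listed above (permit-only rules, implicit deny, union across every
attached group, stateful return traffic, the default group's self-referencing
rule). Group ids and IP addresses are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass, field

ALL = "-1"  # EC2's "all protocols" marker; the port range is ignored for it


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp" or ALL
    from_port: int
    to_port: int
    source: str     # CIDR such as "203.0.113.0/24", or a group id such as "sg-web"


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)


def default_group(group_id="sg-default"):
    """VPC default group: members may talk to each other, all egress allowed."""
    return SecurityGroup(group_id,
                         inbound=[Rule(ALL, 0, 65535, group_id)],
                         outbound=[Rule(ALL, 0, 65535, "0.0.0.0/0")])


def custom_group(group_id, inbound):
    """Freshly created custom group: no inbound rules, allow-all outbound."""
    return SecurityGroup(group_id, inbound=list(inbound),
                         outbound=[Rule(ALL, 0, 65535, "0.0.0.0/0")])


def rule_matches(rule, protocol, port, peer_ip, peer_groups):
    """True if this permit rule covers the flow; there is no such thing as a deny rule."""
    if rule.protocol not in (ALL, protocol):
        return False
    if rule.protocol != ALL and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        return rule.source in peer_groups
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.source)


class Instance:
    def __init__(self, groups):
        if not groups:  # an instance must have at least one group at launch
            raise ValueError("an instance must be launched with a security group")
        self.groups = list(groups)
        self._tracked = set()  # flows already admitted; their replies need no rule

    def _permitted(self, direction, protocol, port, peer_ip, peer_groups):
        # Rules from every attached group are unioned; any matching permit
        # wins, and a flow that matches nothing is implicitly denied.
        for group in self.groups:
            rules = group.inbound if direction == "in" else group.outbound
            if any(rule_matches(r, protocol, port, peer_ip, peer_groups) for r in rules):
                return True
        return False

    def _new_flow(self, direction, protocol, port, peer_ip, peer_groups):
        allowed = self._permitted(direction, protocol, port, peer_ip, peer_groups)
        if allowed:
            self._tracked.add((protocol, port, peer_ip))
        return allowed

    def inbound(self, protocol, port, peer_ip, peer_groups=()):
        """A new connection arriving at `port`; `peer_groups` are the sender's groups."""
        return self._new_flow("in", protocol, port, peer_ip, peer_groups)

    def outbound(self, protocol, port, peer_ip, peer_groups=()):
        """A new connection the instance opens to `peer_ip`:`port`."""
        return self._new_flow("out", protocol, port, peer_ip, peer_groups)

    def return_traffic_allowed(self, protocol, port, peer_ip):
        """Stateful behaviour: replies to an admitted flow pass in either direction."""
        return (protocol, port, peer_ip) in self._tracked
```

Clearing a group's outbound list after an SSH session has been admitted shows the stateful point directly: new outbound connections are refused, yet `return_traffic_allowed` still reports the SSH replies as permitted. Real EC2 tracks flows per connection tuple with its own timeouts; the set here is only a teaching stand-in for that state.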
That’s all. In this article, we have explained how to create and configure a custom security group in AWS Cloud. If you like this article, please share it and subscribe to email alerts for Linux, Windows, macOS, Android, Internet, Firewall and Security, and CCTV tutorials. If you have any questions or doubts about this article, please comment.