AWS Classroom Series – 16/Jul/2020

Security to subnet and EC2 instances

  • Security for EC2 instances (at the network interface) is provided by Security Groups
  • Security for a subnet is provided by a Network ACL (NACL)

Security Group

  • It is assigned to an ENI (Elastic Network Interface)
  • In a Security Group everything is denied by default
  • You can only write rules that allow traffic; there are no deny rules
  • Security Group rules are created at the VPC level
  • When we create a VPC, a default Security Group is created
  • Let's create one Security Group with rules that allow ports 80 and 22 from anyone
  • Protocols => TCP, UDP, ICMP
  • Ports => the port or port range to allow
  • To whom => 0.0.0.0/0 (anyone), x.x.x.x/32 (a specific IP), x.x.0.0/16 (a CIDR range)
  • This SG can be applied to any EC2 instance created in the VPC

Network ACL (NACL)

  • It is applied at the subnet level
  • Here you can create allow as well as deny rules
  • Rules have a priority given by their rule number: the lower the number, the higher the priority
  • A NACL also belongs to a VPC
  • Let's create one NACL that allows 22, 80 and 443 from the internet, allows all traffic from within the VPC, and denies the rest of the traffic from the internet
  • Rule numbers can be between 1 and 32766; it is always a good idea to leave gaps between rule numbers so new rules can be inserted later
  • By default, every VPC comes with a default NACL whose rules allow all incoming and outgoing traffic
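To make the difference between the two evaluation models concrete, here is an added Python model (not code from the course page) of how a Security Group and a NACL decide whether an inbound packet is allowed. It encodes the exact rule sets described in the two lists above: the Security Group that allows 22 and 80 from anyone, and the NACL that allows 22, 80, 443 from the internet, everything from inside the VPC, and denies the rest. The VPC CIDR 10.0.0.0/16, the rule numbers, and the sample packets are constructed values. It also covers one caveat the lists do not spell out: a NACL is stateless, so reply packets for connections the instance opened arrive back on ephemeral ports and need their own allow rule, whereas a Security Group is stateful and tracks them automatically.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed value: the VPC's address range used by the "all traffic from within VPC" rule.
VPC_CIDR = "10.0.0.0/16"


@dataclass(frozen=True)
class Packet:
    src: str        # source IP of an inbound packet
    protocol: str   # "tcp", "udp" or "icmp"
    port: int       # destination port (ignored for icmp)


@dataclass(frozen=True)
class Rule:
    protocol: str                  # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str                      # 0.0.0.0/0 = anyone, x.x.x.x/32 = one host, x.x.0.0/16 = range
    action: str = "allow"          # Security Group rules are allow-only; NACL rules may also deny
    number: Optional[int] = None   # NACL rule number 1..32766; None for Security Group rules

    def matches(self, pkt: Packet) -> bool:
        proto_ok = self.protocol in ("all", pkt.protocol)
        # Ports only matter for tcp/udp; "all" and icmp rules ignore them.
        port_ok = self.protocol in ("all", "icmp") or self.port_from <= pkt.port <= self.port_to
        net_ok = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.cidr)
        return proto_ok and port_ok and net_ok


def security_group_allows(rules: List[Rule], pkt: Packet) -> bool:
    """Security Group semantics: unordered allow-only rules, everything else denied."""
    for r in rules:
        if r.action != "allow":
            raise ValueError("Security Group rules can only allow traffic")
    return any(r.matches(pkt) for r in rules)


def nacl_allows(rules: List[Rule], pkt: Packet) -> bool:
    """NACL semantics: evaluate in ascending rule number, first match wins,
    and the implicit '*' rule at the end denies anything not matched."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.number is None or not 1 <= r.number <= 32766:
            raise ValueError("NACL rule numbers must be between 1 and 32766")
        if r.matches(pkt):
            return r.action == "allow"
    return False


# Security Group from the page: allow 22 and 80 from anyone.
WEB_SG = [
    Rule("tcp", 22, 22, "0.0.0.0/0"),
    Rule("tcp", 80, 80, "0.0.0.0/0"),
]

# NACL from the page, with gaps left between rule numbers (constructed numbering).
PUBLIC_NACL = [
    Rule("tcp", 22, 22, "0.0.0.0/0", number=100),
    Rule("tcp", 80, 80, "0.0.0.0/0", number=110),
    Rule("tcp", 443, 443, "0.0.0.0/0", number=120),
    Rule("all", 0, 65535, VPC_CIDR, number=200),
    Rule("all", 0, 65535, "0.0.0.0/0", action="deny", number=300),
]


def ephemeral_return_rule(number: int = 130) -> Rule:
    """Because a NACL is stateless, replies to connections the instance opened
    (for example yum/apt updates) come back on ephemeral ports and need an
    explicit allow; the gap left at 130 lets it slot in before the deny at 300."""
    return Rule("tcp", 1024, 65535, "0.0.0.0/0", number=number)


def demo() -> dict:
    internet = "203.0.113.5"   # constructed public source address
    inside = "10.0.1.7"        # constructed address inside the VPC
    return {
        "sg_ssh_from_internet": security_group_allows(WEB_SG, Packet(internet, "tcp", 22)),
        "sg_https_from_internet": security_group_allows(WEB_SG, Packet(internet, "tcp", 443)),
        "nacl_https_from_internet": nacl_allows(PUBLIC_NACL, Packet(internet, "tcp", 443)),
        "nacl_mysql_from_internet": nacl_allows(PUBLIC_NACL, Packet(internet, "tcp", 3306)),
        "nacl_mysql_from_vpc": nacl_allows(PUBLIC_NACL, Packet(inside, "tcp", 3306)),
        "nacl_reply_without_ephemeral": nacl_allows(PUBLIC_NACL, Packet(internet, "tcp", 50000)),
        "nacl_reply_with_ephemeral": nacl_allows(
            PUBLIC_NACL + [ephemeral_return_rule()], Packet(internet, "tcp", 50000)),
        # A lower-numbered deny beats the allow at 100, showing number = priority.
        "nacl_lower_number_wins": nacl_allows(
            PUBLIC_NACL + [Rule("tcp", 22, 22, "0.0.0.0/0", action="deny", number=50)],
            Packet(internet, "tcp", 22)),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

Running the script shows the same packet being treated differently by the two layers: the NACL denies a port-50000 reply from the internet until the ephemeral-port rule is added, while the Security Group never needs such a rule because it is stateful. The `nacl_lower_number_wins` case is the reason the list above recommends leaving gaps between rule numbers.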

Exercise: Create the following network from CLI and Console
