AWS Classroom Series – 16/Jul/2020

Security for subnets and EC2 instances

  • Security for EC2 instances (at the network interface, ENI) is provided by Security Groups
  • Security for a subnet is provided by a Network ACL (NACL)

Security Group

  • It is assigned to an ENI (Elastic Network Interface)
  • In a Security Group everything is denied by default
  • You can only write rules that allow traffic (there are no deny rules)
  • Security Groups are created at the VPC level
  • When we create a VPC a default Security Group is created
  • Let's create one Security Group rule which allows ports 80 and 22 from anyone
  • Protocols => TCP, UDP, ICMP
  • Source => anyone, x.x.x.x/32 (a specific IP), x.x.0.0/16 (a CIDR range)
  • This Security Group can be applied to any EC2 instance created in the VPC

Network ACL (NACL)

  • It is applied at the subnet level
  • Here you can create allow as well as deny rules
  • Each rule has a number that gives its priority: the lower the number, the higher the priority
  • A NACL also belongs to a VPC
  • Let's create one NACL that allows 22, 80 and 443 from the internet, allows all traffic from within the VPC, and denies the rest of the traffic from the internet
  • Rule numbers can be between 1 and 32766; it is always a good idea to leave some gap between the numbers of consecutive rules so that new rules can be inserted later
  • By default AWS creates, for each VPC, a default NACL with allow-all incoming and outgoing rules
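As an added example (not part of the classroom notes, and not a call to AWS), the following Python model shows the evaluation rules from the two sections above: a Security Group is allow-only and denies anything without a matching rule, while a NACL has numbered allow/deny rules that are checked lowest number first, first match wins, with an implicit "*" deny at the end. The VPC range 10.0.0.0/16, the sample addresses from the documentation ranges, the class names and the rule numbers 90 to 140 are all assumptions made for this example. The two demo functions go beyond the notes to show two practical consequences: a NACL is stateless, so reply traffic to an instance's own outbound connections needs an inbound ephemeral-port rule, and a deny rule only takes effect if its number is lower than the allow rule it is meant to override.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One firewall rule. Security Groups only ever use action="allow";
    NACL rules may be "allow" or "deny"."""
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str          # "0.0.0.0/0" (anyone), "x.x.x.x/32" (one host), "x.x.0.0/16" (range)
    action: str = "allow"

    def matches(self, protocol: str, port: int, remote_ip: str) -> bool:
        if self.protocol != "all" and self.protocol != protocol:
            return False
        if not self.port_from <= port <= self.port_to:
            return False
        return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)


class SecurityGroup:
    """Attached to an ENI. Allow-only: anything without a matching rule is denied.
    Stateful: replies to an allowed connection are permitted automatically."""

    def __init__(self, name: str):
        self.name = name
        self.inbound = []

    def allow_inbound(self, protocol: str, port: int, cidr: str) -> None:
        self.inbound.append(Rule(protocol, port, port, cidr))

    def permits_inbound(self, protocol: str, port: int, src_ip: str) -> bool:
        return any(r.matches(protocol, port, src_ip) for r in self.inbound)


class NetworkAcl:
    """Attached to a subnet. Numbered allow/deny rules, lowest number first,
    first match wins; the implicit '*' rule denies everything else.
    Stateless: inbound and outbound are checked independently."""

    MIN_RULE, MAX_RULE = 1, 32766

    def __init__(self):
        self.tables = {"inbound": {}, "outbound": {}}

    def add(self, direction: str, number: int, rule: Rule) -> None:
        if not self.MIN_RULE <= number <= self.MAX_RULE:
            raise ValueError(f"rule number must be between {self.MIN_RULE} and {self.MAX_RULE}")
        table = self.tables[direction]
        if number in table:
            raise ValueError(f"rule number {number} already used for {direction}")
        table[number] = rule

    def evaluate(self, direction: str, protocol: str, port: int, remote_ip: str):
        """Return (rule number, action) of the first matching rule, or ('*', 'deny')."""
        table = self.tables[direction]
        for number in sorted(table):
            if table[number].matches(protocol, port, remote_ip):
                return number, table[number].action
        return "*", "deny"


ANYONE = "0.0.0.0/0"
VPC_CIDR = "10.0.0.0/16"   # assumed sample VPC range for this example


def build_web_sg() -> SecurityGroup:
    """The Security Group from the notes: ports 22 and 80 open to anyone."""
    sg = SecurityGroup("web-sg")
    sg.allow_inbound("tcp", 22, ANYONE)
    sg.allow_inbound("tcp", 80, ANYONE)
    return sg


def build_public_nacl() -> NetworkAcl:
    """The NACL from the notes: 22/80/443 from the internet, everything from
    inside the VPC; the implicit '*' rule denies the rest. Gaps of 10 are left
    between rule numbers so rules can be inserted later."""
    acl = NetworkAcl()
    acl.add("inbound", 100, Rule("tcp", 22, 22, ANYONE))
    acl.add("inbound", 110, Rule("tcp", 80, 80, ANYONE))
    acl.add("inbound", 120, Rule("tcp", 443, 443, ANYONE))
    acl.add("inbound", 130, Rule("all", 0, 65535, VPC_CIDR))
    acl.add("outbound", 100, Rule("all", 0, 65535, ANYONE))
    return acl


def demo_stateless_return_traffic():
    """An instance fetches packages from an internet mirror; the reply arrives on
    an ephemeral port. Returns the inbound decision before and after rule 140."""
    acl = build_public_nacl()
    before = acl.evaluate("inbound", "tcp", 49152, "203.0.113.10")
    acl.add("inbound", 140, Rule("tcp", 1024, 65535, ANYONE))   # allow replies
    after = acl.evaluate("inbound", "tcp", 49152, "203.0.113.10")
    return before, after


def demo_rule_priority():
    """Denying SSH from one host: rule 105 is shadowed by rule 100, which
    matches first; rule 90 takes effect. Other hosts are still allowed by 100."""
    acl = build_public_nacl()
    host = "198.51.100.7"   # constructed sample address
    acl.add("inbound", 105, Rule("tcp", 22, 22, host + "/32", "deny"))
    shadowed = acl.evaluate("inbound", "tcp", 22, host)
    acl.add("inbound", 90, Rule("tcp", 22, 22, host + "/32", "deny"))
    effective = acl.evaluate("inbound", "tcp", 22, host)
    other = acl.evaluate("inbound", "tcp", 22, "203.0.113.5")
    return shadowed, effective, other


if __name__ == "__main__":
    sg = build_web_sg()
    print("SG tcp/80 from internet:", sg.permits_inbound("tcp", 80, "203.0.113.5"))
    print("SG tcp/443 from internet:", sg.permits_inbound("tcp", 443, "203.0.113.5"))
    print("NACL reply traffic (before, after):", demo_stateless_return_traffic())
    print("NACL priority (shadowed, effective, other):", demo_rule_priority())
```

Run it directly to see the decisions. The NACL written exactly as the notes describe it denies the replies to the instance's own outbound connections, because a NACL does not track connection state the way a Security Group does; in the real service the same fix applies, an inbound allow rule for the ephemeral port range. The priority demo is the reason the notes recommend leaving gaps between rule numbers: a rule inserted in a gap only matters if it lands before the rule it is meant to override.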

Exercise: Create the following network from CLI and Console


