AWS Networking Contd

Activity

• Create two ec2 instance in two subnets of default vpc.
• Try connectiong these ec2 instances from your system and also connecting between ec2 instances
  
• Try repeating the above steps by creating your own vpc
  

Case 1: Default VPC with 2 ec2’s in two subnets with public ips

• Created two ec2 instances with 22 port opened sg rule
  
  
  
  
  

Case 2: Custom VPC with 2 ec2

• If the IGW is attached and connected to default route table and there is no other route table then it will work similar to default vpc

Security Groups

• Security groups are like firewalls around network interfaces (ec2)
• Security groups will have only allow rules
• Security groups belong to vpc
• Security group has two rule categories
  • incoming/ingress/inbound
  • outgoing/egresss/outbound
• Each rule consists of the following
  • source/destination address
  • protocol
  • port
• A network interface can have multiple security groups attached to it.
• Every vpc will have a default security group
  • inbound all traffic from a specific security group
  • all outbound traffic is allowed
• Lets try to create a security group without changing any rules
  • the default while creating is no inbound and allow everything outbound
• Protocols supported in SG are
  • TCP
  • UDP
  • ICMP
    
• The other layer of security is added by network acl
  
• We will discuss on this security in next session