AWS Networking Contd
Activity
- Create two ec2 instance in two subnets of default vpc.
- Try connectiong these ec2 instances from your system and also connecting between ec2 instances
- Try repeating the above steps by creating your own vpc
Case 1: Default VPC with 2 ec2’s in two subnets with public ips
- Created two ec2 instances with 22 port opened sg rule
Case 2: Custom VPC with 2 ec2
- If the IGW is attached and connected to default route table and there is no other route table then it will work similar to default vpc
Security Groups
- Security groups are like firewalls around network interfaces (ec2)
- Security groups will have only allow rules
- Security groups belong to vpc
- Security group has two rule categories
- incoming/ingress/inbound
- outgoing/egresss/outbound
- Each rule consists of the following
- source/destination address
- protocol
- port
- A network interface can have multiple security groups attached to it.
- Every vpc will have a default security group
- inbound all traffic from a specific security group
- all outbound traffic is allowed
- Lets try to create a security group without changing any rules
- the default while creating is no inbound and allow everything outbound
-
Protocols supported in SG are
- TCP
- UDP
- ICMP
-
The other layer of security is added by network acl
- We will discuss on this security in next session
