Security Groups in AWS act as a virtual firewall for your EC2 instances, controlling incoming and outgoing traffic. Inbound rules control the traffic to your instance and outbound rules control the traffic from it.
A security group is a virtual firewall that controls the traffic to your EC2 instances. When you first launch an EC2 instance, you can associate it with one or more security groups. A security group is the first line of defense against attackers.
How Do AWS Security Groups Work?
AWS Security Groups help you secure your cloud environment by controlling which traffic is allowed into your EC2 machines. With Security Groups, you can ensure that traffic reaches the instance only through the ports and protocols you have explicitly allowed.
When launching an instance on Amazon EC2, you need to assign it to a particular security group. You can add rules to each security group that allow traffic to or from designated sources, including other instances and the security groups associated with them.
Like whitelists, security group rules are always permissive. It is not possible to create rules that deny access. For example, you may have traffic coming from an Elastic Load Balancer (ELB) to a subnet with web servers. Your AWS Security Group can list that ELB as its sole permitted source.
Security groups are stateful, which means that if an inbound request is allowed in, the corresponding response traffic is allowed back out as well.
Creating a Security Group:
Log in to the AWS console → search for EC2 → go to Network and Security → Security Groups → Create security group.
Provide the security group name and its description.
Also select the VPC in which this security group should live.
Then go to the inbound rules and add a rule allowing traffic on the SSH port from anywhere, as shown below.
Similarly, add an outbound rule allowing only HTTPS connections.
Add tags if wanted (tags are optional), then click Create security group.
Some important points to remember:
All inbound traffic is blocked by default, i.e., you need to add rules for the traffic you want to allow, such as HTTP, HTTPS, etc.
All outbound traffic is allowed automatically.
You can have any number of EC2 instances within a security group.
You can have multiple security groups attached to an EC2 instance.
Security groups are locked down to a region/VPC combination.
Security groups are stateful, i.e., if you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again.
It is good practice to maintain a separate security group for SSH access.
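As an added example (not part of the original post), the audit below reads security-group rules in the JSON shape returned by `aws ec2 describe-security-groups` and flags every inbound rule that lets the SSH port in from anywhere, which is exactly what the "from anywhere" step in the procedure above produces; it generalizes to any port, and treats an "all traffic" rule as covering every port. The group ids, names and CIDR ranges in the sample are constructed for the example, and outbound rules are deliberately ignored because, as noted above, only inbound rules admit traffic and return traffic is handled by statefulness.

```python
import json

SSH_PORT = 22
ANYWHERE = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "from anywhere"

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output, trimmed to the fields the audit reads. Not real account data.
SAMPLE_SGS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "GroupName": "web-sg", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0bbb", "GroupName": "ssh-admin-sg", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0ccc", "GroupName": "all-open-sg", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}""")


def rule_covers_port(rule, port):
    # IpProtocol "-1" is "All traffic": every protocol and every port,
    # and such a rule carries no FromPort/ToPort at all.
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def rule_sources(rule):
    # One rule can list several IPv4 and IPv6 CIDR sources.
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return v4 + v6


def find_port_open_to_world(describe_output, port=SSH_PORT):
    # Inbound rules only (IpPermissions); outbound rules never let traffic in.
    findings = []
    for sg in describe_output["SecurityGroups"]:
        for rule in sg["IpPermissions"]:
            if not rule_covers_port(rule, port):
                continue
            for cidr in rule_sources(rule):
                if cidr in ANYWHERE:
                    findings.append((sg["GroupId"], sg["GroupName"], cidr))
    return findings
```

Run against real output by piping `aws ec2 describe-security-groups` to a file and loading it instead of the constructed sample; the dedicated SSH group restricted to an admin range (sg-0bbb) is not flagged, while the group that mixes SSH-from-anywhere with web traffic and the all-traffic group are.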