A security group act as a basic virtual firewall for your instances. It helps in managing the traffic to your instances (EC2).
You can only set ‘allow‘ rules for inbound (incoming traffic) and outbound (outgoing traffic) rules. There are no DENY rules
This is stateful, What it means?
By default, you won’t have any inbound (incoming) and outbound (outgoing) traffic to your instances enabled. You let your instances communicate to the outer world or anyone we have to leverage security groups.
If you have set an inbound rule for HTTP for port 80 then the outgoing request will also be allowed. This means: anyone can reach your port 80 from HTTP and outgoing traffic would be also allowed without setting such rules for the request
Security groups are essential for security. It helps in controlling or setting the traffic rules for instance.
- Type: Here we select the type of traffic request we are expecting – HTTP, ssh, HTTPS, etc.
- Protocol: Here the protocol would be determined based on the ‘type’ value from AWS
- Port Range: Here the port would be determined based on the ‘type’ from AWS. You can also edit the value. Eg: for the web, it is always 80 ports, for ssh, it would be 22, and for RDS it would be 3306
- Source: this is where we would pick from where the traffic would come? Based on this the IP address can be set. If it is anywhere then it would be 0.0.0.0/0 (allow to all), we can set custom IP address(s) too.
- Description: custom description
|Is it chargeable?||No|
|Is it a Global or regional service||Regional|
|Can we use the same security group with multiple instances?||Yes|
|Can an Instance have multiple security Groups?||Yes|
How to create a security group?