Lock down your VPC with AWS security groups

Netshock on AWS VPC

It’s important to keep your online empire secure. Through AWS we do that with security groups.

Within your VPC you can have, by default, up to 100 security groups. Each group can have up to 50 rules. By default, we are allowed to launch 5 VPCs – we need to request to increase the limit if we need

Instances associated with a security group cannot communicate with each other unless a rule opens the required ports to those instances, UNLESS they are in the default security group, whose rules allow traffic between its members.

VPC security groups can be changed after an instance is launched – this was not possible in EC2 Classic.

Follow the steps below to get familiar with VPC security groups:

  1. Open the EC2 console

  2. Launch 2 instances

  3. Go to VPC menu item

    1. Click on the security groups link

    2. By default all outbound ports are open, but all inbound ports are denied

    3. Instances using the default VPC can communicate with one another because of the way the default security group is configured

    4. Click on the “Inbound rules” tab of the default security group; its rule is:

      1. Type = all traffic

      2. Protocol = all

      3. Port range = all

      4. Source = security group ID

    5. If you SSH to the first server and run curl followed by server 2’s private IP, this should (if configured correctly) return some details from server 2

You can allow this connection by adding an inbound rule whose source is one of the following:

  • A specific subnet (CIDR range)

  • A specific IP address

  • A specific security group
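The walkthrough above and the three source types are easier to reason about with an offline model of how inbound rules are evaluated. The following is an added example, not code from the original article or from AWS: it encodes a constructed sample VPC where the default group references itself (so its members can talk to each other) while a custom group starts with no inbound rules, and decides whether a packet is accepted. It assumes the rule fields shown (protocol, port range, CIDR or group-ID source) and ignores ICMP type/code semantics.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    protocol: str      # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int     # -1 means all ports
    to_port: int
    source: str        # CIDR such as "10.0.1.0/24" or "203.0.113.7/32", or "sg-..."


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)


@dataclass
class Instance:
    name: str
    private_ip: str
    groups: list       # IDs of the security groups attached to the instance


def _port_matches(rule, protocol, port):
    if rule.protocol not in ("-1", protocol):
        return False
    return rule.from_port == -1 or rule.from_port <= port <= rule.to_port


def _source_matches(rule, src):
    # A group-ID source matches any instance carrying that group, whatever its IP
    if rule.source.startswith("sg-"):
        return rule.source in src.groups
    return ipaddress.ip_address(src.private_ip) in ipaddress.ip_network(rule.source)


def inbound_allowed(groups, src, dst, protocol, port):
    """Security groups are allow-lists with no deny rules: the packet is accepted
    if any inbound rule of any group attached to dst matches it."""
    return any(
        _port_matches(rule, protocol, port) and _source_matches(rule, src)
        for gid in dst.groups
        for rule in groups[gid].inbound
    )


# Constructed sample VPC: the default group's only rule allows all traffic
# from itself; the custom group has no inbound rules, so nothing reaches it.
DEFAULT_SG = SecurityGroup("sg-default", [Rule("-1", -1, -1, "sg-default")])
CUSTOM_SG = SecurityGroup("sg-custom")
GROUPS = {g.group_id: g for g in (DEFAULT_SG, CUSTOM_SG)}
server1 = Instance("server1", "10.0.1.10", ["sg-default"])
server2 = Instance("server2", "10.0.1.20", ["sg-default"])
web1 = Instance("web1", "10.0.2.10", ["sg-custom"])
web2 = Instance("web2", "10.0.2.20", ["sg-custom"])
```

Appending a Rule("tcp", 80, 80, "sg-custom") to CUSTOM_SG.inbound reproduces the article's step 4, after which web1's curl to web2 on port 80 succeeds while every other port stays closed.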


This article was brought to you by Netshock. Netshock aims to provide technology guides and insight to our readers.


3 Comments

  • Victor Hernandez

    Wow, this is a very good tip and one that I bet most people didn’t know they could do within the EC2 console.

  • Jamie Murray

    Hi, thanks for creating such a great article, it helped me a lot.

  • Jen Hackman

    Thanks, very useful, as I study for AWS certification.
