AWS Security Groups

Security groups are fundamental to network security in AWS and are used to control the flow of traffic into and out of EC2 instances.

Security groups contain only allow rules; there is no deny rule, so anything not explicitly allowed is dropped. A rule's source (or, for outbound rules, destination) can be an IP range or a reference to another security group.
Think of a security group as a firewall around an EC2 instance. It regulates:

  • Authorised IP ranges, both IPv4 and IPv6
  • Which ports are open
  • Outbound network traffic from the EC2 instance
  • Inbound network traffic from the outside world to the EC2 instance

A security group rule contains the following:

  • Type – The type of traffic e.g. HTTP / SSH or a Custom TCP Rule
  • Protocol – The protocol pertaining to the rule e.g. TCP / UDP
  • Port Range – The allowed port or port range e.g. 80 / 22 / 443
  • Source – The allowed source IP range or security group (for outbound rules this field is the Destination). Note that 0.0.0.0/0 means any IPv4 address and ::/0 means any IPv6 address

A security group can be attached to more than one EC2 instance, and an instance can have several security groups attached (their rules are combined). A security group belongs to a single VPC, and therefore a single Region, and can only be attached to instances in that VPC.

Security groups live outside the EC2 instance: traffic blocked by the security group is dropped before it reaches the instance, so the operating system never sees it. Security groups are also stateful: if an inbound request is allowed in, its response is allowed out regardless of the outbound rules, and vice versa.

Best practice is to keep a separate, dedicated security group for SSH access, with its source restricted to known administrator IP ranges rather than 0.0.0.0/0, and to attach it only to the instances that need it. Keeping SSH in its own group makes the rule easy to audit and to reuse.
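The following is an added example, not part of the original post: it audits security-group ingress rules in the JSON shape returned by `aws ec2 describe-security-groups` (the `IpPermissions`, `IpRanges`, `Ipv6Ranges` and `UserIdGroupPairs` fields), flags sensitive ports such as SSH that are open to 0.0.0.0/0 or ::/0, and builds a restricted SSH rule of the kind the paragraph above recommends. The group IDs, names and CIDRs are constructed sample data, not from a real account; the list of sensitive ports is an assumption you would tune for your environment.

```python
# Added example: audit EC2 security-group ingress rules for world-open sensitive
# ports. Input mirrors the shape of `aws ec2 describe-security-groups`.
# All group IDs, names and CIDRs below are constructed sample data.
import ipaddress

# Assumed list of ports that should never be open to the whole internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def is_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (any /0 prefix)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_range(perm):
    """Ports covered by one IpPermissions entry; IpProtocol '-1' means all traffic."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def cidr_sources(perm):
    """IPv4 and IPv6 CIDR sources of a rule. Security-group references
    (UserIdGroupPairs) are skipped: they name other groups, not the internet."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def audit_group(group):
    """Return (group_id, what, source) for every world-open sensitive exposure."""
    findings = []
    for perm in group.get("IpPermissions", []):
        lo, hi = port_range(perm)
        for src in cidr_sources(perm):
            if not is_world(src):
                continue
            if perm["IpProtocol"] == "-1":
                findings.append((group["GroupId"], "ALL TRAFFIC", src))
                continue
            for port, name in sorted(SENSITIVE_PORTS.items()):
                if lo <= port <= hi:
                    findings.append((group["GroupId"], name, src))
    return findings


def audit(groups):
    """Audit a list of security groups and return all findings."""
    return [f for g in groups for f in audit_group(g)]


def ssh_ingress(cidr):
    """Build the IpPermissions entry for a restricted SSH rule, i.e. the value
    passed to authorize_security_group_ingress(GroupId=..., IpPermissions=[...])."""
    ipaddress.ip_network(cidr)  # raises ValueError on malformed input
    if is_world(cidr):
        raise ValueError("refusing to open SSH to the world")
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": cidr, "Description": "admin SSH"}]}


# Constructed sample data (not a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa000000000001", "GroupName": "ssh-open",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0aaa000000000002", "GroupName": "ssh-admin",
     "IpPermissions": [ssh_ingress("203.0.113.0/24")]},
    {"GroupId": "sg-0aaa000000000003", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         # SSH allowed only from instances in the ssh-admin group (group reference)
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "UserIdGroupPairs": [{"GroupId": "sg-0aaa000000000002"}]}]},
    {"GroupId": "sg-0aaa000000000004", "GroupName": "wide-open",
     "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for gid, what, src in audit(SAMPLE_GROUPS):
        print(f"{gid}: {what} open to {src}")
```

Run against real data by feeding it the `SecurityGroups` list from `describe-security-groups`; the `web` group shows the pattern the post recommends, HTTP/HTTPS open to the world but SSH reachable only from the dedicated admin group.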

A connection timeout usually means the security group (or a network ACL) is dropping the traffic: security groups drop silently rather than rejecting, so the client never gets an answer. A Connection Refused error means the packet reached the instance but nothing was listening on that port, which points to the application (not running, or bound to a different port or interface) rather than the security group.
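As an added example (not from the original post), the probe below turns the distinction above into a check you can run from a client: it attempts a TCP connection and classifies the outcome as open, refused, timed out or unreachable, with the diagnosis text mapping each outcome to the post's advice. The loopback host and the use of a free local port in the demo are assumptions made so the script runs offline; a timeout cannot be demonstrated locally, since loopback never drops packets.

```python
# Added example: classify a TCP connection attempt. Security groups drop
# packets silently, so a blocked port times out; a reachable port with no
# listener answers with a RST, which surfaces as "connection refused".
import socket


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'unreachable' for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:          # no reply: packets are being dropped
        return "timeout"
    except ConnectionRefusedError:  # host reached, nothing listening on the port
        return "refused"
    except OSError:                 # no route, DNS failure, etc.
        return "unreachable"


DIAGNOSIS = {
    "timeout": "no response: traffic is being dropped, check the security group "
               "(then network ACLs and routing)",
    "refused": "host reached but port closed: the service is not listening, "
               "check the application",
    "open": "TCP handshake completed: security group and service are fine",
    "unreachable": "could not route to the host: check DNS, routes and the local network",
}


def diagnose(host, port, timeout=3.0):
    """Probe host:port and return (result, human-readable next step)."""
    result = probe(host, port, timeout)
    return result, DIAGNOSIS[result]


def free_port():
    """Pick a loopback port with nothing listening (demo/assumption only)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def local_listener():
    """Open a listening socket on a loopback port (demo only); caller closes it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


if __name__ == "__main__":
    # Local demo: a closed loopback port is refused, not timed out, which is
    # exactly the symptom of "application not listening" on a real instance.
    print(diagnose("127.0.0.1", free_port()))
    # Against an EC2 instance, replace the host and port, e.g.
    # print(diagnose("ec2-public-ip", 22))
```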

By default a newly created security group has no inbound rules, so all inbound traffic is blocked, and a single outbound rule that allows all traffic. (The VPC's default security group is the exception: it additionally allows inbound traffic from other instances in the same group.)