Security Groups
Security groups allow specific inbound and outbound traffic at the resource level (for example, an EC2 instance). When you launch an instance, you can associate it with one or more security groups. Each instance in your VPC can belong to a different set of security groups. If you don't specify a security group when you launch an instance, the instance is automatically associated with the default security group for its VPC.
You can assign a security group only to resources created in the same VPC as the security group. You can assign multiple security groups to a resource.
Security groups are stateful. For example, if you send a request from your instance, the response traffic for that request is allowed to reach the instance regardless of the inbound security group rules.
Security group example
The following diagram shows a VPC with two security groups and two subnets. The instances in subnet A have the same connectivity requirements, so they are associated with security group 1. The instances in subnet B have the same connectivity requirements, so they are associated with security group 2. The security group rules allow traffic as follows:
The first inbound rule in security group 1 allows SSH traffic to the instances in subnet A from the specified address range (for example, a range in your own network).
The second inbound rule in security group 1 allows the instances in subnet A to communicate with each other using any protocol and port.
The first inbound rule in security group 2 allows the instances in subnet B to communicate with each other using any protocol and port.
The second inbound rule in security group 2 allows the instances in subnet A to communicate with the instances in subnet B using SSH.
Both security groups use the default outbound rule, which allows all traffic.
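The following is an added example, not code from the original post or from AWS: a small Python model of how the two security groups above are evaluated, covering the two points that matter most in practice, that a rule whose source is another security group matches by group membership rather than by IP address, and that security groups are stateful, so the response to an allowed outbound request is admitted even though no inbound rule permits it. The VPC id, instance addresses and the admin range 203.0.113.0/24 are constructed for the example; the "default outbound rule" is modelled as allow-all to 0.0.0.0/0, as the post states.

```python
"""Toy model of VPC security-group evaluation (added example, not AWS code).

Models the two-subnet example from the post: SG1 for subnet A, SG2 for subnet B.
The VPC id, instance addresses and the admin CIDR are constructed for illustration.
"""
from dataclasses import dataclass, field
import ipaddress

ANY = -1  # port wildcard, like "-1" in the AWS console/API


@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp", "udp" or "all"
    port_from: int     # ANY means every port
    port_to: int
    source: str        # a CIDR ("203.0.113.0/24") or a security-group id ("sg-1")


@dataclass
class SecurityGroup:
    sg_id: str
    vpc: str
    inbound: list = field(default_factory=list)
    # Default outbound rule: allow all traffic to anywhere.
    outbound: list = field(default_factory=lambda: [Rule("all", ANY, ANY, "0.0.0.0/0")])


@dataclass
class Instance:
    name: str
    vpc: str
    ip: str
    groups: tuple      # one or more SG ids, all of which must be in the instance's VPC


class Vpc:
    """Holds groups and instances plus a connection-tracking table for statefulness."""

    def __init__(self, groups, instances):
        self.groups = {g.sg_id: g for g in groups}
        self.instances = {i.name: i for i in instances}
        self.tracked = set()  # (proto, local_ip, local_port, remote_ip, remote_port)
        for inst in instances:
            for sg_id in inst.groups:
                if self.groups[sg_id].vpc != inst.vpc:
                    raise ValueError(f"{inst.name}: {sg_id} belongs to a different VPC")

    def _rule_matches(self, rule, proto, port, peer_ip, peer_groups):
        if rule.protocol not in ("all", proto):
            return False
        if rule.port_from != ANY and not (rule.port_from <= port <= rule.port_to):
            return False
        if rule.source.startswith("sg-"):
            # Group-referenced rule: matches by membership, not by address.
            return rule.source in peer_groups
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.source)

    def _peer_groups(self, ip):
        for inst in self.instances.values():
            if inst.ip == ip:
                return set(inst.groups)
        return set()  # an address outside the VPC has no group membership

    def allows_inbound(self, dst_name, src_ip, proto, dst_port, src_port=40000):
        """True if a packet from src_ip may reach dst_name on dst_port."""
        dst = self.instances[dst_name]
        # Stateful: a response to a tracked outbound flow is allowed regardless of rules.
        if (proto, dst.ip, dst_port, src_ip, src_port) in self.tracked:
            return True
        peer_groups = self._peer_groups(src_ip)
        return any(
            self._rule_matches(r, proto, dst_port, src_ip, peer_groups)
            for sg_id in dst.groups
            for r in self.groups[sg_id].inbound
        )

    def send_outbound(self, src_name, dst_ip, proto, dst_port, src_port=40000):
        """Evaluate the outbound rules; on success record the flow for return traffic."""
        src = self.instances[src_name]
        peer_groups = self._peer_groups(dst_ip)
        allowed = any(
            self._rule_matches(r, proto, dst_port, dst_ip, peer_groups)
            for sg_id in src.groups
            for r in self.groups[sg_id].outbound
        )
        if allowed:
            self.tracked.add((proto, src.ip, src_port, dst_ip, dst_port))
        return allowed


ADMIN_RANGE = "203.0.113.0/24"  # constructed stand-in for "a range in your own network"


def build_example_vpc():
    """Build the post's two-subnet example: SG1 for subnet A, SG2 for subnet B."""
    sg1 = SecurityGroup("sg-1", "vpc-example", inbound=[
        Rule("tcp", 22, 22, ADMIN_RANGE),  # SSH from the admin range
        Rule("all", ANY, ANY, "sg-1"),     # subnet A instances talk to each other
    ])
    sg2 = SecurityGroup("sg-2", "vpc-example", inbound=[
        Rule("all", ANY, ANY, "sg-2"),     # subnet B instances talk to each other
        Rule("tcp", 22, 22, "sg-1"),       # SSH from subnet A only
    ])
    return Vpc([sg1, sg2], [
        Instance("a1", "vpc-example", "10.0.1.10", ("sg-1",)),
        Instance("a2", "vpc-example", "10.0.1.11", ("sg-1",)),
        Instance("b1", "vpc-example", "10.0.2.10", ("sg-2",)),
    ])
```

Calling `build_example_vpc()` and then `allows_inbound("b1", "10.0.1.10", "tcp", 22)` returns True because a1 is a member of sg-1, while the same SSH attempt in the other direction (b1 to a1) is denied because sg-1 does not reference sg-2. The stateful path is visible by first calling `send_outbound("a1", <external ip>, "tcp", 443)` and then checking the return packet with `allows_inbound`: it is admitted only after the outbound flow was tracked. Real security groups also drop tracked flows after a timeout and treat some protocols untracked; the model omits that.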