DEV Community

Sudarshan Yadav

📅 Day 8 - Inbound & Outbound Rules in AWS Security Groups

Security Groups act as a virtual firewall in AWS that protects EC2 instances from unwanted traffic and ensures secure communication.
Today, I learned how Inbound and Outbound rules work, a critical skill for deploying secure applications in real DevOps workflows.

AWS Networking - EIP + Inbound + Outbound Rules


🟦 What is Elastic IP (EIP)?

| Feature | Description |
|---|---|
| IP Type | Static Public IPv4 |
| Changes on reboot? | ❌ No - Always same IP |
| Attach/Detach | ✔ Yes (between EC2 or ENI) |
| Usage | Public-facing workloads |

Why is EIP needed?

| Issue with normal Public IP | EIP Solution |
|---|---|
| IP changes on stop/start | Fixed Public IP avoids breakage |
| DNS mapping breaks | Stable IP for web apps |
| Can't maintain public connectivity | Reliable customer access |

Where EIP is used?

| Use Case | Reason |
|---|---|
| Web Servers | Same public IP always |
| Bastion Hosts | Secure admin access |
| NAT Instances | Private subnet → Internet |
| VPN Gateways | Stable connection point |

AWS Console Steps

| Step | Action |
|---|---|
| 1 | Go to EC2 → Elastic IPs → Allocate |
| 2 | Select Allocate IP |
| 3 | Associate with EC2/ENI |
| 4 | Add SG rules to allow public access |

Note: EIP is free only when attached to a running instance.


๐Ÿ” Security Groups (SG) โ€” Firewall for EC2 Services

Direction Controls Default
Inbound Traffic coming into EC2 Deny All
Outbound Traffic going out from EC2 Allow All

โฌ‡๏ธ Inbound Rules โ€” Entering EC2

Port Protocol Source Purpose
22 SSH My Public IP Secure instance login
80 HTTP 0.0.0.0/0 Public website access
443 HTTPS Anywhere Secure web access
3306 MySQL App-SG only Protect DB from Internet

๐Ÿ“Œ If a port isn't allowed โ†’ access blocked

Example Traffic Flow:

```
Internet → Allow 80 → Web Server EC2
Admin → Allow 22 → EC2
App Server SG → Allow 3306 → Database EC2
```
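
One way to check existing groups against the inbound table above, as an added example that is not from the original post: it scans security-group data in the `IpPermissions` shape returned by the EC2 `DescribeSecurityGroups` API and reports SSH, MySQL or PostgreSQL ports open to 0.0.0.0/0 or ::/0. The group ids, addresses and the `rule` helper are constructed for illustration.

```python
import ipaddress

# Ports the page's tables say should not be reachable from "Anywhere".
RESTRICTED = {22: "SSH", 3306: "MySQL", 5432: "PostgreSQL"}

def is_world_open(cidr):
    """0.0.0.0/0 and ::/0 have prefix length 0, i.e. every address matches."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_inbound(group):
    """Return (group_id, port, service, cidr) for restricted ports open to all."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":            # all protocols: no FromPort/ToPort present
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                 # udp/icmp rules cannot expose these TCP services
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # Rules sourced from another security group (UserIdGroupPairs) have no CIDR.
        for cidr in filter(is_world_open, cidrs):
            for port, name in sorted(RESTRICTED.items()):
                if lo <= port <= hi:
                    findings.append((group["GroupId"], port, name, cidr))
    return findings

def rule(proto, lo, hi, **src):
    """Build one constructed IpPermissions entry for the sample data."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi, **src}

# Constructed sample data (placeholder ids, documentation-range address).
ANY4, ANY6 = [{"CidrIp": "0.0.0.0/0"}], [{"CidrIpv6": "::/0"}]
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        rule("tcp", 80, 80, IpRanges=ANY4), rule("tcp", 443, 443, IpRanges=ANY4),
        rule("tcp", 22, 22, IpRanges=[{"CidrIp": "203.0.113.10/32"}])]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        rule("tcp", 3306, 3306, UserIdGroupPairs=[{"GroupId": "sg-app-example"}])]},
    {"GroupId": "sg-bad-example", "IpPermissions": [
        rule("tcp", 3306, 3306, IpRanges=ANY4), {"IpProtocol": "-1", "Ipv6Ranges": ANY6}]},
]

if __name__ == "__main__":
    for f in (f for g in SAMPLE_GROUPS for f in audit_inbound(g)):
        print("OPEN TO WORLD:", *f)
```

The first two groups mirror the table (80/443 public, SSH from one address, MySQL from the app group only) and produce no findings; the third is flagged for MySQL open to all IPv4 and for an all-protocols IPv6 rule.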

โฌ†๏ธ Outbound Rules โ€” Leaving EC2

Use Case Why Needed
System Updates Install packages
API Calls App to external services
DB Connection App to database
NAT Access Private โ†’ Internet
Rule Meaning
Allow All Outbound Normal EC2 networking
Restrict to DB Port EC2 can talk only to DB

๐Ÿ“Œ Default: Allow All Outbound


🔄 Security Group Traffic Flow

```
                ⬇ Allowed Inbound
Internet ------------------> EC2 Instance
                ⬆ Allowed Outbound
```

🧠 Interview Concepts

SG vs NACL

| Feature | Security Group | NACL |
|---|---|---|
| Applies To | Instance | Subnet |
| Statefulness | Stateful | Stateless |
| Return Traffic | Auto-allowed | Must allow manually |
| Rule Types | Allow only | Allow + Deny |

Common AWS Ports

| Service | Port |
|---|---|
| SSH | 22 |
| HTTP | 80 |
| HTTPS | 443 |
| MySQL | 3306 |
| PostgreSQL | 5432 |

🎯 Hands-On Example - Public EC2 Web Server

| Step | Action |
|---|---|
| 1 | Launch Ubuntu EC2 |
| 2 | Allocate + Associate EIP |
| 3 | Configure SG: 80 (HTTP) → Anywhere; 22 (SSH) → My IP only |
| 4 | Browse to EIP → ✔ Webpage up 🎉 |

Thank You
