Security Groups

  • Acts as a "virtual firewall" for your EC2 instances, controlling inbound traffic (into the instance) and outbound traffic (out of the instance).

  • If you don't specify a security group, EC2 uses the default security group.

  • Can only add allow rules to security groups.

    • Can't add deny rules.

  • You can modify the rules for a security group at any time.

  • Stateful

    • Return traffic for an allowed connection is automatically allowed, regardless of the rules in the other direction.

Parameters for creating a security group

  • Name

    • The name for the security group.

  • Protocol

    • The protocol to allow.

    • The most common protocols are 6 (TCP), 17 (UDP), and 1 (ICMP).

  • Port range

    • For TCP, UDP, or a custom protocol, the range of ports to allow.

    • You can specify a single port number or a range of port numbers.

  • ICMP type and code

    • For ICMP, the ICMP type and code.

  • Source or destination

    • The source (inbound rules) or destination (outbound rules) for the traffic.

    • Specify one of these options:

      • An individual IPv4 address.

      • An individual IPv6 address.

      • A range of IPv4 addresses, in CIDR block notation.

      • A range of IPv6 addresses, in CIDR block notation.

      • A prefix list ID.

      • Another security group.
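
The parameters above map directly onto the IpPermissions structure the EC2 API uses for a rule. The following is an added example, not AWS code: it validates each parameter (protocol by name or number, port range or ICMP type/code, and the six kinds of source/destination) and emits the JSON that `aws ec2 authorize-security-group-ingress --cli-input-json` accepts. It also shows why "allow only" matters for review: since nothing can be denied, a rule that opens an administrative port to 0.0.0.0/0 is the thing to catch. The security group and prefix list IDs, the admin-port list, and the ID regexes are assumptions for illustration.

```python
"""Build and validate EC2 security group rules in the IpPermissions shape.

Added example, not AWS code. It assumes the EC2 API's IpPermissions fields
(IpProtocol, FromPort, ToPort, IpRanges, Ipv6Ranges, PrefixListIds,
UserIdGroupPairs); the resource-id patterns and admin ports are assumptions.
"""
import ipaddress
import json
import re

# IANA protocol numbers from the notes mapped to the names the EC2 API accepts.
PROTOCOL_NUMBERS = {"6": "tcp", "17": "udp", "1": "icmp"}
# Assumed id shapes for security groups and managed prefix lists.
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")
PL_ID_RE = re.compile(r"^pl-[0-9a-f]{8,17}$")
ADMIN_PORTS = {22, 3389}  # assumption: ports to flag when open to the world


def normalize_protocol(protocol):
    """Accept a name ('tcp') or a number ('6'); return the EC2 IpProtocol value."""
    p = str(protocol).lower()
    if p in PROTOCOL_NUMBERS.values():
        return p
    if p in PROTOCOL_NUMBERS:
        return PROTOCOL_NUMBERS[p]
    if p.isdigit() and 0 <= int(p) <= 255:
        return p  # custom protocol number; port range does not apply
    raise ValueError(f"unknown protocol {protocol!r}")


def normalize_source(source):
    """Map one source/destination value onto the EC2 field that carries it."""
    if SG_ID_RE.match(source):
        return {"UserIdGroupPairs": [{"GroupId": source}]}
    if PL_ID_RE.match(source):
        return {"PrefixListIds": [{"PrefixListId": source}]}
    # Individual address or CIDR block. strict=True rejects host bits set
    # (e.g. 10.0.0.5/24); a bare address becomes /32 or /128 as the API needs.
    net = ipaddress.ip_network(source, strict=True)
    if net.version == 4:
        return {"IpRanges": [{"CidrIp": str(net)}]}
    return {"Ipv6Ranges": [{"CidrIpv6": str(net)}]}


def build_rule(protocol, source, from_port=None, to_port=None,
               icmp_type=None, icmp_code=None):
    """Return one allow rule as an IpPermissions entry.

    Security groups hold allow rules only, so there is no action parameter:
    traffic not matched by any rule is implicitly denied.
    """
    perm = {"IpProtocol": normalize_protocol(protocol)}
    if perm["IpProtocol"] in ("tcp", "udp"):
        if from_port is None:
            raise ValueError("tcp/udp rules need a port or port range")
        to_port = from_port if to_port is None else to_port
        if not (0 <= from_port <= to_port <= 65535):
            raise ValueError(f"bad port range {from_port}-{to_port}")
        perm["FromPort"], perm["ToPort"] = from_port, to_port
    elif perm["IpProtocol"] == "icmp":
        # The API carries the ICMP type in FromPort and the code in ToPort; -1 is "all".
        if icmp_type is None:
            raise ValueError("icmp rules need an ICMP type (-1 for all)")
        perm["FromPort"] = icmp_type
        perm["ToPort"] = -1 if icmp_code is None else icmp_code
    perm.update(normalize_source(source))
    return perm


def is_world_open(perm):
    """True if the rule's source is any IPv4 or any IPv6 address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in ("0.0.0.0/0", "::/0") for c in cidrs)


def review(perms):
    """Findings for admin ports reachable from the whole internet."""
    findings = []
    for p in perms:
        if p["IpProtocol"] == "tcp" and is_world_open(p):
            exposed = ADMIN_PORTS & set(range(p["FromPort"], p["ToPort"] + 1))
            if exposed:
                findings.append(f"tcp {sorted(exposed)} open to the world")
    return findings


def ingress_request(group_id, perms):
    """Shape for `aws ec2 authorize-security-group-ingress --cli-input-json`."""
    return {"GroupId": group_id, "IpPermissions": list(perms)}


if __name__ == "__main__":
    # Constructed sample rules; the sg-/pl- ids are placeholders, not real resources.
    rules = [
        build_rule("tcp", "10.0.0.5", 22),                   # single IPv4 host -> /32
        build_rule("6", "2001:db8::/32", 443),               # protocol by number, IPv6 CIDR
        build_rule("udp", "pl-0123456789abcdef0", 53),      # prefix list id
        build_rule("icmp", "sg-0123456789abcdef0", icmp_type=8, icmp_code=0),  # from another SG
        build_rule("tcp", "0.0.0.0/0", 22),                  # flagged by review()
    ]
    print(json.dumps(ingress_request("sg-0fedcba9876543210", rules), indent=2))
    for finding in review(rules):
        print("finding:", finding)
```

Running the script prints the request document and one finding for the world-open port 22 rule; saving the JSON to a file and passing it with `--cli-input-json file://rules.json` applies the same rules through the CLI.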
