Security Groups
  • Acts as a "virtual firewall" for your EC2 instances, controlling inbound traffic (into the instance) and outbound traffic (out of the instance).
  • If you don't specify a security group, EC2 uses the default security group.
  • Can only add allow rules to security groups.
    • Can't add deny rules.
  • You can modify the rules for a security group at any time.
  • Stateful
    • Return traffic for an allowed connection is automatically allowed, regardless of any rules.

Parameters for creating a security group

  • Name
    • The name for the security group.
  • Protocol
    • The protocol to allow.
    • The most common protocols are 6 (TCP), 17 (UDP), and 1 (ICMP).
  • Port range
    • For TCP, UDP, or a custom protocol, the range of ports to allow.
    • You can specify a single port number or a range of port numbers.
  • ICMP type and code
    • For ICMP, the ICMP type and code.
  • Source or destination
    • The source (inbound rules) or destination (outbound rules) for the traffic.
    • Specify one of these options:
      • An individual IPv4 address.
      • An individual IPv6 address.
      • A range of IPv4 addresses, in CIDR block notation.
      • A range of IPv6 addresses, in CIDR block notation.
      • A prefix list ID.
      • Another security group.
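
Because rules can only allow, reviewing a security group means looking for allows that are too broad. The following is an added example, not part of the original notes: it walks the protocol, port range and source fields listed above and flags inbound rules that open admin ports or all traffic to every address. Assumptions: the rule dictionaries follow the shape of an EC2 DescribeSecurityGroups response, the group IDs and sample rules are constructed, and `ADMIN_PORTS` is this example's own choice of sensitive ports.

```python
import ipaddress

# Protocol numbers listed in the notes, mapped to the names the EC2 API also accepts.
PROTO_NAMES = {"6": "tcp", "17": "udp", "1": "icmp", "-1": "all"}
ADMIN_PORTS = {22, 3389}  # assumption: ports this audit treats as sensitive

def sources(rule):
    """Yield (kind, value) for every source option present in one rule."""
    for r in rule.get("IpRanges", []):
        yield "ipv4", r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield "ipv6", r["CidrIpv6"]
    for r in rule.get("PrefixListIds", []):
        yield "prefix-list", r["PrefixListId"]
    for r in rule.get("UserIdGroupPairs", []):
        yield "security-group", r["GroupId"]

def is_world(kind, value):
    """True when a CIDR source covers the whole address space (prefix length 0)."""
    return kind in ("ipv4", "ipv6") and ipaddress.ip_network(value, strict=False).prefixlen == 0

def audit_ingress(group):
    """Return findings for allow rules exposing admin ports or all traffic to any address."""
    findings = []
    for rule in group["IpPermissions"]:
        proto = PROTO_NAMES.get(rule["IpProtocol"], rule["IpProtocol"])
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        for kind, value in sources(rule):
            if not is_world(kind, value):
                continue  # specific addresses, prefix lists and peer groups are not flagged
            if proto == "all":
                findings.append((group["GroupId"], value, "all traffic"))
            elif proto in ("tcp", "udp"):
                hit = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
                if hit:
                    findings.append((group["GroupId"], value, f"{proto} {hit}"))
    return findings

# Constructed sample in the shape of one DescribeSecurityGroups entry.
SAMPLE = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "6", "FromPort": 0, "ToPort": 1024, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0peer"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE):
        print(finding)
```

Only the wide IPv6 port range and the all-protocols rule are reported; the public HTTPS rule, the single-address SSH rule and the rule that references another security group pass.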