πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
AWS SAA-C02
Search…
πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
πŸ“ƒ
AWS SAA-C02
Practice Test Scores
Basics of IAM
Elastic Compute Cloud (EC2)
Overview
Security Groups
IP Addresses
User Data
Launch Types
Spot Instances
Instance Types
Amazon Machine Image (AMI)
Placement Groups
Elastic Network Interface (ENI)
Hibernate
Elastic Load Balancer (ELB)
Basic Terms
Elastic Load Balancing
Classic Load Balancer (CLB)
Application Load Balancer (ALB)
Network Load Balancer (NLB)
Stickiness
Cross Zone Load Balancing
SSL Certificates
Connection Draining/Deregistration Delay
Auto Scaling Groups (ASG)
Launch Configurations & Launch Templates
Overview
Dynamic Scaling and Scheduled Scaling
Lifecycle Hooks
Scaling Cooldowns
EC2 Storage (EBS, EFS, Instance Store)
Elastic Block Storage (EBS)
EBS Volume Types
EBS Snapshots
EBS Volume Migration
EBS Volume Encryption
EBS RAID configurations
Instance Store
Elastic File System (EFS)
EFS vs EBS
Relational Database Service (RDS)
RDS Overview
Running Databases on EC2
RDS Backups & RDS Restores
RDS Read Replicas
RDS Multi AZ
RDS Encryption
RDS IAM database authentication
Aurora
ElastiCache
Route53
Overview
DNS Record Types
Routing Policies
3rd Party Domains
Simple Storage Service (S3)
S3
Server-Side Encryption
S3 Security
Pre-signed URLs
S3 Websites
Cross-origin resource sharing (CORS)
Consistency Model
Advanced S3 & Athena
MFA Delete
Access Logs
Replication
Storage Classes
Lifecycle Configuration
Performance Optimization
Select and Glacier Select
Event Notifications
Object Lock and Glacier Lock
Athena Overview
CloudFront & Global Accelerator
CloudFront Overview
CloudFront Signed URL / Signed Cookies
Global Accelerator
Storage Gateway & FSx & Snowball/Snowmobile
Storage Gateway Overview
Storage Gateway File Gateway Hardware Appliance
FSx for Windows Servers
FSx for Lustre
Storage Comparison
Snowball/Snowmobile Overview
AWS Messaging
Simple Queue Service (SQS)
Overview
Message Visibility Timeout
Dead Letter Queues
Delay Queues
FIFO Queues
SQS + Auto Scaling Group
Simple Notification Service (SNS)
Overview
SNS & SQS - Fan Out Pattern
Kinesis + MQ
Kinesis
Amazon MQ
Serverless
Lamda Overview
[email protected]
DynamoDB Overview
DynamoDB RCUs and WCUs
DynamoDB Advanced Features
API Gateway Overview
API Gateway Security
Cognito Overview
AWS SAM (Serverless Application Model)
Databases & Analytics
Databases
Analytics
Monitoring
CloudWatch Concepts
CloudWatch Logs
CloudWatch Agent
EC2 Instance Recovery
CloudWatch Events
CloudTrail
Config
Mini Security Lesson
IAM Policies
Authorization
IAM Conditions
IAM for S3 Resources
IAM Permission Boundaries
Security & Management
Security Token Service (STS)
Identity Federation in AWS
Directory Service
Organizations
Resource Access Manager (RAM)
Single Sign On (SSO)
Security & Encryption
Encryption Overview
KMS Overview
SSM Parameter Store Overview
Secrets Manager Overview
CloudHSM
Shield
Web Application Firewall (WAF) Overview
Virtual Private Cloud (VPC)
Networking for VPCs
Default VPC Overview
VPC Overview
VPC Subnets
Internet Gateways & Route Tables
NAT Instances
NAT Gateways
DNS support in your VPC
NACLs vs Security Groups
VPC Peering
VPC Endpoints
VPC Flow Logs
Bastion Hosts
Site to Site VPN
Direct Connect
Egress-only Internet Gateway
AWS PrivateLink
AWS ClassicLink
VPN CloudHub
Transit Gateway
Disaster Recovery & Migrations
Plan for Disaster Recovery
Database Migration Service (DMS)
Migration Services
DataSync Overview
Other Services
Overview of Other Services
Powered By GitBook
Security Groups
  • Acts as a "virtual firewall" for your EC2 instances to control incoming and outgoing traffic (traffic going into your instance and traffic going out of your instance).
  • If you don't specify a security group, EC2 uses the default security group.
  • Can only add allow rules to security groups.
    • Can't add deny rules.
  • You can modify the rules for a security group at any time.
  • Stateful
    • Regardless of any rules, return traffic is automatically always allowed.

Parameters for creating a security group

  • Name
    • The name for the security group.
    ​
  • Protocol
    • The protocol to allow.
    • The most common protocols are 6 (TCP), 17 (UDP), and 1 (ICMP).
    ​
  • Port range
    • For TCP, UDP, or a custom protocol, the range of ports to allow.
    • You can specify a single port number or a range of port numbers.
    ​
  • ICMP type and code
    • For ICMP, the ICMP type and code.
  • Source or destination
    • The source (inbound rules) or destination (outbound rules) for the traffic.
    • Specify one of these options:
      • An individual IPv4 address.
      • An individual IPv6 address.
      • A range of IPv4 addresses, in CIDR block notation.
      • A range of IPv6 addresses, in CIDR block notation.
      • A prefix list ID.
      • Another security group.
Elastic Compute Cloud (EC2) - Previous
Overview
Next - Elastic Compute Cloud (EC2)
IP Addresses
Last modified 11mo ago
Copy link
Contents
Parameters for creating a security group