THE USE OF SECURITY GROUP IN AWS - Coggle Diagram
1) EC2 SECURITY GROUPS FOR INSTANCE
:check: A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic.
:check: When you launch an instance, you can specify one or more security groups.
:green_cross: If you don't specify a security group, Amazon EC2 uses the default security group.
:check: You can add rules to each security group that allow traffic to or from its associated instances, and you can modify the rules of a security group at any time.
:check: New and modified rules are automatically applied to all instances that are associated with the security group.
:check: When you launch an instance in a VPC, you must specify a security group that was created for that VPC. After the instance is launched, you can change its security groups.
:check: Security groups are associated with network interfaces.
2) SECURITY GROUP RULES
:star: The rules of a security group control the inbound traffic that is allowed to reach the instances associated with the security group, and the outbound traffic that is allowed to leave them.
:star: The following are the characteristics of security group rules:
:pencil2: By default, security groups allow all outbound traffic.
:pencil2: Security group rules are always permissive; you can't create rules that deny access.
:pencil2: Security group rules let you filter traffic based on protocols and port numbers.
:pencil2: For VPC security groups, responses to allowed inbound traffic are allowed to flow out regardless of outbound rules (security groups are stateful).
:pencil2: Changes you make are automatically applied to the instances that are associated with the security group.
:pencil2: You can assign multiple security groups to an instance.
:star: For each rule, specify the following:
:lock: Protocol
:lock: Port Range
:lock: Name
:lock: ICMP Type and Code
:lock: Source or Destination
:lock: Description
3) WORK WITH SECURITY GROUPS
:tada: You can assign a security group to an instance when you launch the instance.
:tada: When you add or remove rules, those changes are automatically applied to all instances assigned to the security group.
:tada: After launching an instance, you can change its security groups.
:tada: You can create, view, update, and delete security groups and security group rules using the Amazon EC2 console and the command line tools.
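The following is an added example, not part of the Coggle diagram and not AWS code. It is a small offline model of the security group behaviour described in sections 2 and 3: rules are allow-only, inbound traffic with no matching rule is dropped, outbound is allow-all until the default outbound rule is removed, groups are stateful (a reply to an accepted inbound flow leaves regardless of outbound rules), an instance with several groups gets the union of their rules, and editing a group affects every instance attached to it. The class names, the `risky_inbound_rules` audit check and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ANY_PROTOCOL = "-1"                 # AWS uses -1 to mean "all protocols"
WORLD = ("0.0.0.0/0", "::/0")       # CIDRs that mean "anywhere"


@dataclass(frozen=True)
class Rule:
    """One permissive security group rule (there is no deny form)."""
    protocol: str          # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int         # port range start (ignored for icmp, where AWS uses type/code)
    to_port: int
    cidr: str              # source for inbound rules, destination for outbound rules
    description: str = ""

    def matches(self, protocol: str, port: int, addr: str) -> bool:
        if self.protocol != ANY_PROTOCOL and self.protocol != protocol:
            return False
        if self.protocol not in (ANY_PROTOCOL, "icmp") and not (self.from_port <= port <= self.to_port):
            return False
        return ip_address(addr) in ip_network(self.cidr, strict=False)


@dataclass
class SecurityGroup:
    name: str
    inbound: list = field(default_factory=list)           # new group: no inbound rules
    outbound: list = field(default_factory=lambda: [      # new group: one allow-all outbound rule
        Rule(ANY_PROTOCOL, 0, 65535, "0.0.0.0/0", "default: allow all outbound")])

    def authorize_ingress(self, rule: Rule) -> None:
        self.inbound.append(rule)

    def revoke_egress_all(self) -> None:
        """Drop the default allow-all outbound rule; only tracked replies can then leave."""
        self.outbound.clear()


@dataclass
class Instance:
    name: str
    groups: list                          # SecurityGroup objects, shared by reference
    # connection-tracking table: (protocol, local_port, remote_addr) of accepted inbound flows
    established: set = field(default_factory=set)

    def _rules(self, direction: str) -> list:
        return [r for g in self.groups for r in getattr(g, direction)]

    def accept_inbound(self, protocol: str, port: int, src_addr: str) -> bool:
        """Allowed only if some rule of some attached group matches (union of groups)."""
        ok = any(r.matches(protocol, port, src_addr) for r in self._rules("inbound"))
        if ok:
            self.established.add((protocol, port, src_addr))
        return ok

    def allow_outbound(self, protocol: str, dst_port: int, dst_addr: str, src_port: int = None) -> bool:
        """Stateful: a reply on an accepted inbound flow leaves regardless of outbound rules."""
        if (protocol, src_port, dst_addr) in self.established:
            return True
        return any(r.matches(protocol, dst_port, dst_addr) for r in self._rules("outbound"))


def risky_inbound_rules(group: SecurityGroup, admin_ports=(22, 3389)) -> list:
    """Audit check: inbound rules open to the whole internet on admin ports or on all protocols."""
    flagged = []
    for r in group.inbound:
        if r.cidr not in WORLD:
            continue
        if r.protocol == ANY_PROTOCOL or any(r.from_port <= p <= r.to_port for p in admin_ports):
            flagged.append(r)
    return flagged


def demo() -> dict:
    """Walk through the behaviours with constructed groups, instances and addresses."""
    web = SecurityGroup("web-sg")
    web.authorize_ingress(Rule("tcp", 443, 443, "0.0.0.0/0", "public HTTPS"))
    admin = SecurityGroup("admin-sg")
    admin.authorize_ingress(Rule("tcp", 22, 22, "10.0.0.0/8", "SSH from corporate range"))

    a = Instance("web-a", [web, admin])   # two groups: union of both rule sets
    b = Instance("web-b", [web])          # one group
    results = {
        "https_to_b": b.accept_inbound("tcp", 443, "203.0.113.9"),
        "ssh_from_internet_to_a": a.accept_inbound("tcp", 22, "203.0.113.9"),  # no rule: dropped
        "ssh_from_corp_to_a": a.accept_inbound("tcp", 22, "10.1.2.3"),
        "ssh_from_corp_to_b": b.accept_inbound("tcp", 22, "10.1.2.3"),         # b lacks admin-sg
    }
    # lock down outbound on web-sg: the HTTPS reply still leaves, a new connection does not
    web.revoke_egress_all()
    results["https_reply_from_b"] = b.allow_outbound("tcp", 51234, "203.0.113.9", src_port=443)
    results["new_outbound_from_b"] = b.allow_outbound("tcp", 80, "198.51.100.1")
    # editing the shared group reaches every instance attached to it
    web.authorize_ingress(Rule("tcp", 80, 80, "0.0.0.0/0", "public HTTP"))
    results["http_to_b_after_edit"] = b.accept_inbound("tcp", 80, "203.0.113.9")
    # the audit check catches an over-broad rule before it is applied for real
    web.authorize_ingress(Rule("tcp", 22, 22, "0.0.0.0/0", "SSH from anywhere"))
    results["risky_rule_count"] = len(risky_inbound_rules(web))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model deliberately has no deny rule type and no per-rule ordering: because every rule is permissive, the union of all rules across all attached groups is the whole policy, which is why a single over-broad rule anywhere in an attached group is enough to expose an instance. Running `risky_inbound_rules` over each group before applying changes is the kind of check that catches that early.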
4) TYPES OF AWS SECURITY GROUPS
:explode: EC2-Classic
:check: You can only create inbound rules.
:check: Once an instance has been launched, you cannot assign a different security group to it.
:check: When you add a rule to an EC2-Classic security group, you don't have to specify a protocol.
:explode: EC2-VPC
:check: You can create both inbound rules and outbound rules.
:check: You can change the assigned security groups after launch.
:check: You must specify a protocol when you add a rule to an EC2-VPC security group.