AWS EC2 Create Security Group


How to Create an AWS EC2 Security Group

AWS EC2 instances are a convenient way to host your own website: they are flexible, easy to configure and can be launched within minutes. When you launch an EC2 instance, however, you also need to assign it a key pair and a security group.

In this post we discuss the role a security group plays in managing traffic to and from your instance, and how to create security groups.

A security group controls inbound and outbound traffic for your AWS EC2 instance. Once you associate a security group with an instance, its rules decide which traffic may reach the instance and which traffic may leave it.

To understand the role of security groups you also need to know about VPCs (Virtual Private Clouds). A VPC is a virtual network dedicated to your AWS account and isolated from the other networks in the AWS cloud. You can launch resources, including EC2 instances and security groups, into your VPC, which spans all the availability zones in your account. After creating a VPC you can add one or more subnets in each of those availability zones.

Every AWS account has a default VPC in each AWS region, and you can create additional VPCs if you need them.

When you create a VPC it comes with a default security group. You can create additional security groups for the VPC and give each one the inbound and outbound rules you need.

Note that a security group can only be assigned to resources created in the same VPC as the security group, and that a single resource can have several security groups assigned to it. For example, the security groups you assign to an EC2 instance in a given VPC must themselves belong to that VPC.

Create a Security Group using the AWS Console

Log in to your AWS account and open the EC2 dashboard. In the sidebar, click Security Groups. On the security groups page, click the Create security group button at the top right. Enter a unique name and a description for the security group and select the VPC you want to attach it to. In the inbound rules section, create three rules: one allowing SSH access from your own IP address only, and two allowing HTTP and HTTPS traffic from any IP address.


You can keep the two default outbound rules, which allow HTTP and HTTPS traffic to the internet. Finally, click the Create security group button at the bottom. Your new security group is ready and you can attach it to an EC2 instance when you create one.

Create a Security Group using the AWS CLI

You can also create a security group with the AWS CLI. The command to run is aws ec2 create-security-group:

aws ec2 create-security-group --group-name MySecurityGroup --description "My security group" --vpc-id vpc-22e4554c

You will receive an output like the following:

{
    "GroupId": "sg-09b42bfc86b11e1bb"
}

In the example above we created a security group and placed it in a specific VPC by passing the VPC ID.

We can then add inbound rules using the CLI:

aws ec2 authorize-security-group-ingress --group-id sg-09b42bfc86b11e1bb --protocol tcp --port 22 --cidr 102.185.201.133/32

Here we added a rule that allows SSH access (TCP port 22) from a single IP address (102.185.201.133); the /32 suffix limits the rule to exactly that address.

The output will look like the following:
{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-08bc32ce00af42580",
            "GroupId": "sg-09b42bfc86b11e1bb",
            "GroupOwnerId": "302984893886",
            "IsEgress": false,
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "CidrIpv4": "102.185.201.133/32"
        }
    ]
}
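As an added example that is not part of the original post, the following Python audits rules in the SecurityGroupRules shape shown above (the same shape aws ec2 describe-security-group-rules returns) against the policy this post recommends: SSH from one address only, HTTP and HTTPS from anywhere, nothing else open to the world. The rule IDs, group ID and addresses in the sample are constructed for this example.

```python
"""Audit security group rules (CLI SecurityGroupRules JSON) against the policy:
SSH from a single admin address, HTTP/HTTPS from anywhere, nothing else world-open."""
import ipaddress
import json

# Constructed sample in the CLI's SecurityGroupRules shape, trimmed to the fields the
# audit reads. IDs and addresses are made up; rule ...0005 is the misconfiguration to catch.
SAMPLE_CLI_OUTPUT = """{"SecurityGroupRules": [
 {"SecurityGroupRuleId": "sgr-0aaa000000000001", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "203.0.113.10/32"},
 {"SecurityGroupRuleId": "sgr-0aaa000000000002", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIpv4": "0.0.0.0/0"},
 {"SecurityGroupRuleId": "sgr-0aaa000000000003", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIpv6": "::/0"},
 {"SecurityGroupRuleId": "sgr-0aaa000000000004", "IsEgress": true, "IpProtocol": "-1", "FromPort": -1, "ToPort": -1, "CidrIpv4": "0.0.0.0/0"},
 {"SecurityGroupRuleId": "sgr-0aaa000000000005", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0"}
]}"""

# (protocol, port) pairs that may legitimately be reachable from any address.
ALLOWED_PUBLIC = {("tcp", 80), ("tcp", 443)}

def is_world_open(rule):
    """True if the source is 0.0.0.0/0 or ::/0. Rules that reference another security
    group or a prefix list carry no CIDR and are not considered world-open here."""
    cidr = rule.get("CidrIpv4") or rule.get("CidrIpv6")
    return cidr is not None and ipaddress.ip_network(cidr).prefixlen == 0

def exposed_services(rule):
    """Set of (protocol, port) pairs the rule opens; None means all protocols and ports."""
    proto = rule["IpProtocol"]
    if proto == "-1":
        return None
    if proto not in ("tcp", "udp"):
        return {(proto, -1)}  # icmp and similar protocols have no L4 port
    return {(proto, p) for p in range(rule["FromPort"], rule["ToPort"] + 1)}

def find_overexposed_rules(rules, allowed_public=ALLOWED_PUBLIC):
    """IDs of inbound rules that open anything beyond allowed_public to the whole internet."""
    findings = []
    for rule in rules:
        if rule["IsEgress"] or not is_world_open(rule):
            continue
        services = exposed_services(rule)
        if services is None or not services <= allowed_public:
            findings.append(rule["SecurityGroupRuleId"])
    return findings

def audit_cli_output(text):
    """Parse the CLI's JSON output and return the IDs of rules that violate the policy."""
    return find_overexposed_rules(json.loads(text)["SecurityGroupRules"])
```

Feeding the output of aws ec2 describe-security-group-rules for a group into audit_cli_output flags any rule, such as the SSH-from-anywhere rule in the sample, that exposes a non-web port to every address.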

Delete a Security Group using the AWS CLI

Deleting a security group with the AWS CLI is just as easy; you only need to specify the security group ID:

aws ec2 delete-security-group --group-id sg-09b42bfc86b11e1bb