How To Create AWS Security Groups

In this article, I’ll be showing you how to create a security group from the AWS management console.

  • Login to your AWS Management Console.
  • Select the EC2 service.
  • Select “Security Groups”, which can be found under the “Network And Security” category.
  • Click on the “Create Security Group” button.
  • Input your security group name and description.
  • Select your corresponding VPC.
  • Add and configure your rules.

How to Configure & Optimize your AWS Security Groups

Here are a few tips on configuring new Security Groups in AWS, and optimizing existing ones.

Remove Unused groups

You might have created a security group for running a test while trying to figure out how security groups work. It is advised that you remove/delete any security group that is no longer in use.

Enable Alerting and Tracking

Avoid Inbound traffic via 0.0.0.0/0

As stated earlier, the “anywhere” value 0.0.0.0/0 must be used only on an as-needed basis and with a complete understanding of what it exposes.

It is recommended that you avoid it entirely where possible, because it can end up exposing sensitive data to the outside world.

It’s best practice to grant access only to the specific protocols and port ranges you need; this ensures that any other incoming packet is dropped.

Security Groups (read: firewalls) differ slightly from Network Access Control Lists (NACLs) in that they have no “Deny” rule. What this means is that any packet not matched by an explicit allow rule is dropped.

When creating a Security Group, your primary objective is to restrict access, which also helps you control what traffic goes in and out. You should also give each group a distinctive name and description so as to reduce the chance of errors.
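The two checks above (world-open inbound rules and unused groups) are easy to automate once you have the output of `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces`. The following is an added example, not code from the original article: it runs the audit over constructed sample data shaped like that output (the group and interface ids are made up) and also flags rules with no description, since the article recommends describing every rule.

```python
"""Audit security groups for world-open inbound rules, unused groups and
undescribed rules. Input mirrors the shape of `describe-security-groups`
and `describe-network-interfaces`; all values below are constructed."""
import ipaddress

# Constructed sample: three security groups in one VPC (ids are made up).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "web-public",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "HTTPS from internet"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0", "Description": "HTTPS from internet"}],
          "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "db-private",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [], "Ipv6Ranges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60001",
                                "Description": "from web tier"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "test-wide-open",
     "IpPermissions": [
         {"IpProtocol": "-1",  # -1 means every protocol and port
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
          "UserIdGroupPairs": []}]},
]

# Constructed sample: which groups are attached to a network interface.
SAMPLE_INTERFACES = [
    {"NetworkInterfaceId": "eni-0001", "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60001"}]},
    {"NetworkInterfaceId": "eni-0002", "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60002"}]},
]


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0: a prefix length of 0 means 'anywhere'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def describe_ports(perm: dict) -> str:
    """Human-readable protocol/port summary for one permission entry."""
    if perm.get("IpProtocol") == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{perm['IpProtocol']}/{lo}" if lo == hi else f"{perm['IpProtocol']}/{lo}-{hi}"


def find_world_open_inbound(groups):
    """(group id, name, ports, cidr) for every inbound rule whose source is anywhere."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if is_world_open(cidr):
                    findings.append((sg["GroupId"], sg["GroupName"],
                                     describe_ports(perm), cidr))
    return findings


def find_unused_groups(groups, interfaces):
    """Groups attached to no interface and not named as a source by another group."""
    in_use = {g["GroupId"] for eni in interfaces for g in eni.get("Groups", [])}
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            for pair in perm.get("UserIdGroupPairs", []):
                in_use.add(pair["GroupId"])
    return sorted(sg["GroupId"] for sg in groups if sg["GroupId"] not in in_use)


def find_undescribed_rules(groups):
    """(group id, ports) for rules whose source entries carry no Description."""
    out = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            entries = (perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
                       + perm.get("UserIdGroupPairs", []))
            if any(not e.get("Description") for e in entries):
                out.append((sg["GroupId"], describe_ports(perm)))
    return out


if __name__ == "__main__":
    for finding in find_world_open_inbound(SAMPLE_GROUPS):
        print("WORLD-OPEN:", *finding)
    print("UNUSED:", find_unused_groups(SAMPLE_GROUPS, SAMPLE_INTERFACES))
    print("NO DESCRIPTION:", find_undescribed_rules(SAMPLE_GROUPS))
```

On the sample data the audit reports `web-public` as open to the world on tcp/443 over both IPv4 and IPv6 (a deliberate choice for a public web tier, but one to review), `test-wide-open` as open on all traffic with no description, and `test-wide-open` as the only group attached nowhere, which is exactly the leftover test group the article says to delete. A group referenced as a source by another group is counted as in use even when it is attached to no interface, because deleting it would break the referencing rule.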

Security Group Rules

You can grant access to specific Security Groups, to IPv4 or IPv6 addresses, or to a specific CIDR (Classless Inter-Domain Routing) range.

Here are a few basic Security Group Rules:

Inbound and outbound Security Group rules are made up of the following fields: Source, Protocol, Port Range and Description.

Source

This is usually a custom IP address, a subnet range or another security group. You can also grant access to the entire internet by using the “anywhere (0.0.0.0/0)” value.

Using the anywhere (0.0.0.0/0) value has to be on an as-needed basis, and you should completely understand what you are getting into.

Protocol

The protocol typically defaults to TCP and is greyed out. If you are working with a custom rule you created, however, you can change the protocol to fit your needs.

Port Range

Port ranges are typically pre-filled. However, you can decide to work with a custom port range of your choice.

Descriptions

This is the field where you enter a description for the rule you have created. It helps to make it detailed.
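The console steps listed earlier and the four rule fields just described map directly onto the `IpPermissions` structure that the AWS CLI (`aws ec2 authorize-security-group-ingress`) and boto3 (`authorize_security_group_ingress`) accept. The following is an added example, not code from the original article: `build_rule` takes Source, Protocol, Port Range and Description, validates each one (a description is mandatory, the port range must be sane, and 0.0.0.0/0 or ::/0 is refused unless the caller opts in explicitly), and returns the rule in that structure. The `main` block shows the create-then-authorize flow; the VPC id and the `sg-0123456789abcdef0` source group id are placeholders, and the function names and the `allow_anywhere` flag are this example's own.

```python
"""Build a validated security group rule in IpPermissions form.
Added example; ids used in the main block are placeholders."""
import ipaddress
import re

ANYWHERE = {"0.0.0.0/0", "::/0"}
SG_ID = re.compile(r"^sg-[0-9a-f]{8,17}$")          # sg-xxxxxxxx or sg-17-hex-chars
ALLOWED_PROTOCOLS = {"tcp", "udp", "icmp", "icmpv6", "-1"}  # -1 = all protocols


def build_rule(source: str, protocol: str, port_range: str, description: str,
               allow_anywhere: bool = False) -> dict:
    """Return one IpPermissions entry; raise ValueError for a malformed or unsafe field.

    source:      a security group id, a single IP, or a CIDR (IPv4 or IPv6)
    protocol:    tcp, udp, icmp, icmpv6 or -1 (all)
    port_range:  "443" or "8000-8080"; ignored when protocol is -1
    description: required, so the rule's purpose survives in the console
    """
    if not description.strip():
        raise ValueError("description is required")
    if protocol not in ALLOWED_PROTOCOLS:
        raise ValueError(f"unsupported protocol {protocol!r}")

    perm = {"IpProtocol": protocol}
    if protocol != "-1":
        lo, _, hi = port_range.partition("-")
        lo_port, hi_port = int(lo), int(hi or lo)
        if not (0 <= lo_port <= hi_port <= 65535):
            raise ValueError(f"bad port range {port_range!r}")
        perm.update(FromPort=lo_port, ToPort=hi_port)

    # Source is another security group: reference it by id.
    if SG_ID.match(source):
        perm["UserIdGroupPairs"] = [{"GroupId": source, "Description": description}]
        return perm

    # Otherwise the source is an address or range; a bare IP becomes a /32 or /128.
    net = ipaddress.ip_network(source, strict=False)
    cidr = str(net)
    if cidr in ANYWHERE and not allow_anywhere:
        raise ValueError("source is 0.0.0.0/0 or ::/0; set allow_anywhere=True only on purpose")
    if net.version == 4:
        perm["IpRanges"] = [{"CidrIp": cidr, "Description": description}]
    else:
        perm["Ipv6Ranges"] = [{"CidrIpv6": cidr, "Description": description}]
    return perm


if __name__ == "__main__":
    # The console steps above, driven from boto3 (placeholder ids; needs credentials).
    import boto3
    ec2 = boto3.client("ec2")
    created = ec2.create_security_group(GroupName="web-tier",
                                        Description="web tier, HTTPS only",
                                        VpcId="vpc-PLACEHOLDER")
    ec2.authorize_security_group_ingress(
        GroupId=created["GroupId"],
        IpPermissions=[
            build_rule("10.20.0.0/16", "tcp", "443", "HTTPS from corporate range"),
            build_rule("sg-0123456789abcdef0", "tcp", "8080",
                       "health checks from the load balancer group"),
        ],
    )
```

Refusing 0.0.0.0/0 by default turns the article's "as-needed basis" advice into a code-review checkpoint: a world-open rule can only enter the account through a call that visibly passes `allow_anywhere=True`, which is easy to grep for and to justify in review.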