Easy Steps to Create and Configure AWS Security Groups

Step-by-Step Guide: How to Create and Configure Security Groups in AWS

Security Groups in AWS act as virtual firewalls for your instances, controlling inbound and outbound traffic. They are essential for securing your cloud infrastructure. In this guide, we'll walk through creating and configuring Security Groups in AWS.


Prerequisites

  • An AWS account with appropriate IAM permissions.

  • Basic understanding of networking concepts (IP addresses, ports, protocols).


Step 1: Log in to AWS Management Console

  1. Go to the AWS Management Console.

  2. Sign in with your credentials.

  3. Navigate to the EC2 Dashboard.


Step 2: Create a Security Group

  1. In the left navigation pane, click "Security Groups" under "Network & Security."

  2. Click the "Create security group" button.

Basic Details

  • Security group name: Give a descriptive name (e.g., WebServer-SG).

  • Description: Add a brief explanation (e.g., "Allow HTTP/HTTPS and SSH access").

  • VPC: Select the Virtual Private Cloud (VPC) where your instances reside.


Step 3: Configure Inbound Rules

Inbound rules control incoming traffic to your instances.

  1. Under "Inbound rules," click "Add rule."

  2. Choose common rules or customize:

    • Type: Select a protocol (e.g., HTTP, HTTPS, SSH, RDP, or Custom TCP).

    • Port range: Define the port (e.g., 80 for HTTP, 22 for SSH).

    • Source: Specify allowed IPs:

      • For public access: 0.0.0.0/0 (any IP) – Use with caution!

      • For restricted access: Enter a specific IP or another Security Group.

Example Inbound Rules:

Type    Protocol  Port Range  Source
HTTP    TCP       80          0.0.0.0/0
HTTPS   TCP       443         0.0.0.0/0
SSH     TCP       22          Your-IP/32

Step 4: Configure Outbound Rules

Outbound rules control traffic leaving your instances.

  1. Under "Outbound rules," click "Add rule."

  2. By default, AWS allows all outbound traffic (0.0.0.0/0).

  3. For stricter security, limit outbound traffic to necessary ports.

Example Outbound Rules:

Type        Protocol  Port Range  Destination
HTTPS       TCP       443         0.0.0.0/0
Custom TCP  TCP       3306        DB-SG (if using RDS)

Step 5: Save the Security Group

  1. Review your rules.

  2. Click "Create security group."


Step 6: Assign the Security Group to an Instance

  1. Go to EC2 Dashboard > Instances.

  2. Select an instance and click "Actions" > "Security" > "Change security groups."

  3. Select your newly created Security Group and click "Assign security groups."


Step 7: Test Connectivity

  • For SSH: ssh -i your-key.pem ec2-user@<Public-IP>

  • For HTTP: Open a browser and enter http://<Public-IP>

  • If access is denied, recheck Security Group rules and instance firewall settings.


Best Practices for Security Groups

  • Least Privilege Principle: Only allow necessary ports/IPs.

  • Use Descriptive Names: Helps in identifying purpose (e.g., Web-SG, DB-SG).

  • Reference Security Groups: Instead of IPs, reference other Security Groups for internal traffic.

  • Regular Audits: Review rules periodically to remove unused access.

  • Avoid Open Rules: Never use 0.0.0.0/0 unless absolutely required.
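The "Regular Audits" and "Avoid Open Rules" practices above can be automated. The following is an added example (not part of the original post) that audits a Security Group in the JSON shape returned by `aws ec2 describe-security-groups` or boto3's `describe_security_groups()`; the sample group, its IDs and the set of ports treated as acceptable from the internet are constructed assumptions for the demo.

```python
# Audit security group rules in describe-security-groups format (no AWS calls needed).
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
# Assumption for this demo: only HTTP/HTTPS may be exposed to the whole internet.
PUBLIC_OK_PORTS = {80, 443}

def _ports(perm):
    """Return (from, to) ports; IpProtocol '-1' means all traffic on all ports."""
    if perm.get("IpProtocol") == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))

def _open_cidrs(perm):
    """CIDRs in this rule that mean 'anyone' over IPv4 or IPv6."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r["CidrIp"] == ANY_V4]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] == ANY_V6]
    return v4 + v6

def audit_security_group(sg):
    """Return a list of (severity, message) findings for one security group."""
    findings = []
    for perm in sg.get("IpPermissions", []):            # inbound rules
        lo, hi = _ports(perm)
        for cidr in _open_cidrs(perm):
            if perm.get("IpProtocol") == "tcp" and lo == hi and lo in PUBLIC_OK_PORTS:
                continue                                 # web ports from anywhere are expected
            findings.append(("HIGH", f"inbound {perm.get('IpProtocol')} {lo}-{hi} open to {cidr}"))
    for perm in sg.get("IpPermissionsEgress", []):      # outbound rules
        if perm.get("IpProtocol") == "-1" and _open_cidrs(perm):
            findings.append(("LOW", "outbound allows all traffic to anywhere (AWS default)"))
    return findings

# Constructed sample: a web-server group whose SSH rule was left open to the world.
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE", "GroupName": "WebServer-SG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-DB-EXAMPLE"}]},   # SG reference, not flagged
    ],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}

if __name__ == "__main__":
    for sev, msg in audit_security_group(SAMPLE_SG):
        print(f"[{sev}] {SAMPLE_SG['GroupName']}: {msg}")
```

Feed it the `SecurityGroups` entries from a real `describe-security-groups` call to review every group in an account on a schedule.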


Conclusion

Security Groups are a fundamental part of AWS security. By following this guide, you can create and configure them effectively to protect your cloud resources. Always follow security best practices to minimize risks.

Shubham Londhe

hashnode: https://hashnode.com/post/cmcuuve48000502lbdvwjbvqq

Written by

Bhashkar Kushwaha