Security Groups and SSH into the EC2 Instance

Build your understanding of EC2 networking by learning about security groups and common ports.

Security groups

Security groups are an instance-level firewall and a fundamental building block of AWS network security. They control which traffic is allowed to reach, or leave, our EC2 instance. We can secure our EC2 instances by using security groups alone. Security groups have rules to control both the inbound and the outbound traffic of EC2 instances.

Features of security groups

  • Security groups in AWS are stateful. This means that return traffic for a connection that was allowed in one direction is permitted automatically, regardless of the rules in the other direction. For example, our instances can serve HTTP traffic even if we have no outbound rules and only one inbound HTTP rule.
  • We only have allow rules in security groups. All other traffic is denied.
  • Newly created security groups allow no inbound traffic (have no inbound rules) and allow all outbound traffic (have one rule to allow all outbound traffic).
  • Security groups are specific to an AWS Region.
  • Security groups live outside the EC2 instance. Any traffic blocked by security groups won’t be seen by the EC2 instance.
  • Security groups only affect the instances they’re attached to.
  • They provide fine-grained control over the traffic that flows at the instance level:
    • They can control the exact port numbers to which connections are allowed.
    • They can control the exact IP address range to which a certain rule applies. For example, we might only want to allow our corporate office’s IP addresses to SSH into our instances.
    • They can also supply security group IDs of other security groups as a connection source to allow connections from instances to which the other security group is attached.
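
The behaviour described in this list, as a small Python model added here (it is not AWS code or the course's own): it encodes allow-only rules, the default rule set of a newly created group, CIDR and group-ID sources, and connection tracking so that the reply to an allowed inbound HTTP request passes with no outbound rule at all. All addresses and group IDs are constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp" or "-1" for all protocols
    from_port: int
    to_port: int
    source: str     # CIDR such as "203.0.113.0/24", or another group's ID "sg-..."

@dataclass
class SecurityGroup:
    inbound: list = field(default_factory=list)   # new group: no inbound rules
    outbound: list = field(default_factory=lambda: [Rule("-1", 0, 65535, "0.0.0.0/0")])
    tracked: set = field(default_factory=set)     # connection tracking for stateful replies

    @staticmethod
    def _matches(rule, protocol, port, peer_ip, peer_groups):
        proto_ok = rule.protocol in ("-1", protocol) and rule.from_port <= port <= rule.to_port
        if rule.source.startswith("sg-"):          # the source is another group's ID
            return proto_ok and rule.source in peer_groups
        return proto_ok and ip_address(peer_ip) in ip_network(rule.source)

    def allow_inbound(self, protocol, port, peer_ip, peer_groups=()):
        # Allow rules only: with no matching rule the packet is dropped before the instance sees it.
        if any(self._matches(r, protocol, port, peer_ip, peer_groups) for r in self.inbound):
            self.tracked.add((protocol, port, peer_ip))
            return True
        return False

    def allow_outbound(self, protocol, port, peer_ip, peer_groups=(), reply_from_port=None):
        # Stateful: the reply of a tracked inbound flow passes without any outbound rule.
        return (protocol, reply_from_port, peer_ip) in self.tracked or any(
            self._matches(r, protocol, port, peer_ip, peer_groups) for r in self.outbound)

def demo():
    office, client = "203.0.113.0/24", "198.51.100.7"   # constructed example addresses
    web, db = SecurityGroup(), SecurityGroup()
    r = {"default_ssh_denied": not web.allow_inbound("tcp", 22, "203.0.113.10")}
    web.inbound += [Rule("tcp", 22, 22, office), Rule("tcp", 80, 80, "0.0.0.0/0")]
    r["ssh_from_office"] = web.allow_inbound("tcp", 22, "203.0.113.10")
    r["ssh_from_elsewhere"] = web.allow_inbound("tcp", 22, client)
    web.outbound.clear()                           # drop even the default allow-all outbound rule
    r["http_request"] = web.allow_inbound("tcp", 80, client)
    r["http_reply"] = web.allow_outbound("tcp", 51000, client, reply_from_port=80)
    r["new_outbound_blocked"] = not web.allow_outbound("tcp", 443, client)
    db.inbound.append(Rule("tcp", 3306, 3306, "sg-web-example"))  # web group's ID as source
    r["db_from_web_group"] = db.allow_inbound("tcp", 3306, "10.0.1.5", {"sg-web-example"})
    r["db_from_other_group"] = db.allow_inbound("tcp", 3306, "10.0.1.9", {"sg-other-example"})
    return r
```

Every key in the dictionary returned by `demo()` is `True` except `ssh_from_elsewhere` and `db_from_other_group`, which are `False`: the office CIDR and the web group's ID are the only permitted sources.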
