Om's Brain

5. Security Groups

1 min read

Security Groups

Security Group Overview

Security Group Rules

Security Group Configuration

Info

If your EC2 makes a valid outbound request, the response is automatically allowed back in, even if your inbound rules are empty.

  • If EC2 is in a public subnet with internet access β†’ βœ… You’ll get a JSON response.
  • If EC2 is in a private subnet with no NAT β†’ ❌ The request will hang or fail.

Inbound Rules

From 1 machine:

Inbound from single machine

From anywhere SSH allowed:

SSH from anywhere

Outbound Rules

Note

In Amazon EC2 Security Groups (SGs), the default outbound rule for a new security group is: Allow all outbound traffic (0.0.0.0/0 for IPv4 and ::/0 for IPv6) on all protocols and all ports.

Even if you remove default outbound: βœ… Your EC2 will still respond to incoming requests β€” like a browser request from your PC β€” because Security Groups are stateful.

Outbound Rules

Outbound Configuration

EC2 - EC2 Communication

EC2 to EC2 Communication

Only from the web servers :)

Web Server Security Group

Security Group Reference

Security Group Linking

Default Security Group

Self reference in it’s inbound rule:

  • All machine that are attach to it can talk to each other

Default Security Group

Default SG Inbound

Default SG Configuration

Mindmap

Graph View