Day 2: Configuring Security Groups in AWS - A Step-by-Step Guide
Hello friends...!
Welcome to Day 2 of my 90 Days of DevOps 2025 journey! Today, I explored AWS Security Groups, a crucial aspect of cloud networking. In this blog, I will take you through a step-by-step guide on how to create and configure Security Groups in AWS to control inbound and outbound traffic for your EC2 instances.
Let's dive in!
What Are Security Groups?
Security Groups act as virtual firewalls for AWS instances, defining what kind of traffic is allowed in and out. They play a key role in network security, ensuring only authorized access to cloud resources.
Key Features of Security Groups
- Stateful Rules: If an inbound request is allowed, the outbound response is automatically allowed.
- Default Deny Policy: All traffic is blocked unless explicitly allowed.
- Can Be Attached to Multiple Instances: One Security Group can be associated with multiple EC2 instances.
Step 1: Log in to the AWS Console
Open AWS Management Console.
Log in using your AWS account credentials.
Navigate to the EC2 Dashboard by searching for "EC2" in the AWS Services tab.
Step 2: Navigate to Security Groups
In the EC2 Dashboard, look for Network & Security in the left-hand menu.
Click on Security Groups.
Click Create Security Group to define a new firewall policy for your instance.
Step 3: Create a New Security Group
Enter Security Group Name: Choose a meaningful name (e.g., WebServer-SG).
Description: Describe its purpose (e.g., "Security Group for Web Server").
Select VPC: Choose your VPC (default VPC is fine).
Step 4: Configure Inbound Rules
Inbound rules define who can access your instance.
Common Inbound Rules for DevOps
Protocol | Port | Source | Purpose |
SSH | 22 | My IP | Secure remote access |
HTTP | 80 | Anywhere (0.0.0.0/0) | Web traffic |
HTTPS | 443 | Anywhere (0.0.0.0/0) | Secure web access |
MySQL | 3306 | Custom IP | Database connection |
Steps to Add Inbound Rules
Click Add Rule.
Choose a protocol (e.g., SSH, HTTP, HTTPS).
Specify the port number (e.g., 22 for SSH, 80 for HTTP).
Select the source:
- My IP: Best for SSH (restricts access to your IP only).
- Anywhere (0.0.0.0/0): Allows access from any IP (use with caution).
- Custom: Define a specific IP or CIDR range.
Click Save Rules.
Step 5: Configure Outbound Rules
Outbound rules define what traffic your instance can send out.
Default Outbound Rule
AWS allows all outbound traffic by default so instances can connect to external services.
Click the Outbound Rules tab.
Modify rules if needed (e.g., restrict access to a specific IP).
Click Save Rules.
Step 6: Attach the Security Group to an EC2 Instance
Once the Security Group is created, you need to attach it to an EC2 instance.
Go to the EC2 Dashboard → Click Instances.
Select your instance → Click Actions → Security → Change Security Groups.
Select the Security Group you created and click Save.
Step 7: Test Your Security Group Configuration
Test SSH Access
ssh -i your-key.pem ec2-user@your-instance-ip
If the SSH rule is configured correctly, you should be able to log in.
Test HTTP/HTTPS Access
- Open a browser and visit http://your-instance-ip.
If the page loads, your HTTP rule is working.
Test Database Connection
Use MySQL CLI or a database client to connect using:
mysql -h your-instance-ip -u username -p
If connected, the database access rule is correct.
Best Practices for Security Groups
- Follow the Principle of Least Privilege: Only open necessary ports.
- Restrict SSH to Your IP: Avoid 0.0.0.0/0 for security.
- Use Security Groups Instead of IPs: Allow access from other Security Groups instead of static IPs.
- Audit Security Groups Regularly: Remove unused rules to reduce attack surfaces.
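The audit recommended in the best practices above can be scripted. The following is an added example, not code from the original post: it reads JSON shaped like `aws ec2 describe-security-groups` output and flags inbound rules open to Anywhere on anything other than TCP 80/443. The sample data, the group IDs, and the `PUBLIC_OK` allow-list are assumptions made for illustration.

```python
import json

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
PUBLIC_OK = {80, 443}  # assumption: ports the post's table opens to Anywhere

# Constructed sample shaped like `aws ec2 describe-security-groups` JSON output;
# group IDs and addresses are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-EXAMPLE1", "GroupName": "WebServer-SG", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-EXAMPLE2", "GroupName": "legacy", "IpPermissions": [
  {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def world_sources(perm):
    """Return the 'Anywhere' CIDRs (IPv4 or IPv6) listed on one rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in ANY_SOURCE)

def audit(doc):
    """List (group id, exposed ports, sources) for risky world-open inbound rules."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = world_sources(perm)
            if not sources:
                continue  # restricted to specific CIDRs or other security groups
            proto = perm["IpProtocol"]
            if proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
                if proto == "tcp" and all(p in PUBLIC_OK for p in range(lo, hi + 1)):
                    continue  # only HTTP/HTTPS exposed, as the post intends
                ports = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
            else:
                ports = "all traffic" if proto == "-1" else proto
            findings.append((sg["GroupId"], ports, sources))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real account, replace SAMPLE with the parsed output of `aws ec2 describe-security-groups --output json`.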
Conclusion
Security Groups are an essential part of AWS security. Properly configuring them ensures your cloud infrastructure remains protected while allowing necessary access.
Today, I successfully created and configured a Security Group in AWS as part of my #90DaysOfDevOps journey!
What are your thoughts on Security Groups? Have you faced any challenges configuring them? Let's discuss in the comments!