DEV Community

loading...

[AWS] 2. EC2 - Security Groups & SSH

Nina Hwang
πŸ‘©πŸ»β€πŸ’» ν™©μ±„μ˜ 🐣 Junior Backend Developer
・Updated on ・2 min read

1. Security Groups

Security groups are the fundamental of network security in AWS. They act as a firewall on EC2 instances. They regulate accessible ports, authorized IP ranges(IPv4 and IPv6), control of inbound/outbound network.

(1) Features of Security Groups

  • A security group can be attached to multiple instances.
  • The EC2 instance won't recognize whether traffic is blocked.
  • It is a good convention to maintain one separate security group for each SSH access.
  • By default, all inbound traffic is blocked, and all outbound traffic is authorized.

(2) Creating Security Group

You can create a security group while creating an instance, or create one first and attach it to an instance.

Go to EC2 > Network & Security > Security Groups > Create security group.
Alt Text
Set name and description.
Alt Text
As you see, by default, there's no authorized inbound traffic. On the other hand, all outbound traffic is allowed.
Alt Text
Add rules for inbound traffic.
Alt Text

2. SSH

I will briefly introduce what SSH is, and why I added an inbound rule for SSH.

SSH(aka Secure Shell or Secure Socket Shell) is a network protocol that provides a secure way to access one computer to another over an unsecured network. You can see additional information here

Let's assume that you are sending a package to your friend. Someone might steal the package during delivery, open it, and take whatever inside of it.
Alt Text
But if you lock the package, give the key to your friend, and then send the package, still a thief can steal the package but never be able to open it.
Alt Text
Just like locking a package, SSH encrypts and authenticates connections between shells so that only allowed hosts can be connected and enable to exchange data.

To connect to your EC2 instance, you can use SSH. If SSH port(port 22) is not allowed by the security group, you are not able to connect to the EC2 instance via terminal.
I deliberately removed SSH rule in inbound rules, and this is the result.
Alt Text
It returns time out error, because the instance is not accessible with SSH. As I mentioned, the EC2 instance cannot see whether traffic is blocked or not. Therefore it does not return an error message until time out.

Discussion (0)