VPC security

If you have deployed your resources in a VPC, you are already moving in the right direction. Here we are mostly going to concern ourselves with network security and the tools or features a VPC provides for enhancing it.

Security Groups

These represent our first layer of defense as stated in the AWS documentation. Security Groups (SG) get assigned to EC2 instances (generally speaking) and provide a type of stateful firewall, which supports allow rules only.

They are very flexible, and an EC2 instance can have multiple such groups assigned to it. The rules can be based on host IP addresses, CIDRs or even on other Security Groups, for example, allow inbound HTTP:80 from group ID sg-12345.

Usually, within a VPC we would create an SG per role, ...
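The SG-per-role pattern and the group-referencing rules described above, as an added Terraform example that is not code from the book; `var.vpc_id`, the group names and the ports are assumptions:

```hcl
# Added example (not from the book): one Security Group per role, with the
# database group admitting traffic only from members of the web group.
# Assumes the VPC id is supplied in var.vpc_id.
variable "vpc_id" {
  type = string
}

# Web role: the only group that accepts traffic from outside the VPC.
resource "aws_security_group" "web" {
  name        = "web-role"
  description = "Public HTTP in, all traffic out"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform drops AWS's default allow-all egress rule when a group is
  # managed with inline rules, so outbound access has to be stated explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Database role: port 3306 is reachable only from instances that carry the
# web group, so no host IP or CIDR has to be maintained as instances change.
resource "aws_security_group" "db" {
  name        = "db-role"
  description = "MySQL from the web role only"
  vpc_id      = var.vpc_id

  ingress {
    description     = "MySQL from web SG"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
  # No egress rule: the firewall is stateful, so replies to the inbound
  # connections above are allowed without one, and nothing else may leave.
}
```

Because there are no deny rules, anything not matched by an ingress rule is dropped, so the db group's single rule is the whole inbound policy for that role.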
