A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security group rules enable you to filter traffic based on protocols and port numbers.
You can create a security group and add rules that reflect the role of the instance that's associated with the security group. For example, an instance that's configured as a web server needs security group rules that allow inbound HTTP and HTTPS access. Likewise, a database instance needs rules that allow access for the type of database, such as access over port 3306 for MySQL.
When a security group rule specifies a protocol and port, only connections through that particular port are allowed; no other ports are open. If no security group permits the traffic, there are no inbound or outbound connections, which means you cannot connect to that server/instance.
Each VPC automatically comes with a default security group. If you don't specify a different security group when you launch an instance, the default security group is associated with it. By default, this security group allows all inbound connections.
The following command describes a security group:
aws ec2 describe-security-groups --group-ids <security_group_id>
1. Before starting the implementation steps below, record the full current configuration: which IP ranges and which ports are allowed inbound.
2. Avoid logging in as the root user.
3. Only authorized persons (i.e., admins) should be able to access the security groups.
4. You cannot delete the default security groups, but you can edit and modify them; you can also create your own security groups and define your own rules in them.
5. Do not attach the default security group to any EC2 instance unless you have modified its default inbound or outbound rules.
Perform the following steps to implement the prescribed state:
1. List all security groups that have an ingress rule from 0.0.0.0/0:
aws ec2 describe-security-groups --filters Name=ip-permission.cidr,Values='0.0.0.0/0'
2. Revoke the offending rule. Port 22 is used here only as an example; you can revoke any port:
aws ec2 revoke-security-group-ingress \
--group-id <value> --protocol <protocol> --port 22 --cidr 0.0.0.0/0
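The two steps above find and revoke world-open ingress rules one port at a time. The following script is an added example, not part of the original guide or an AWS tool: it parses a constructed sample of the JSON that `aws ec2 describe-security-groups` returns (hypothetical group IDs, names and account ID), reports every rule reachable from 0.0.0.0/0 or ::/0 that is not on a small allow-list of public ports, flags the default group separately (prerequisites 4 and 5 above), and prints the exact `aws ec2 revoke-security-group-ingress` call for each finding. It builds the `--ip-permissions` form of the command rather than `--protocol/--port/--cidr`, because `--cidr` accepts IPv4 only and an all-traffic (`-1`) rule has no port. The allow-list `ALLOWED_PUBLIC` is an assumption for a web tier; adjust it to your own inventory.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`.
# Group IDs, names and the account ID are hypothetical placeholders, not real values.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0", "GroupName": "web-tier", "VpcId": "vpc-0abc",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            ],
        },
        {
            # A default group whose rules were widened to all traffic from anywhere.
            "GroupId": "sg-0fedcba9876543210", "GroupName": "default", "VpcId": "vpc-0abc",
            "IpPermissions": [
                {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210", "UserId": "111111111111"}]},
            ],
        },
        {
            "GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "db-tier", "VpcId": "vpc-0abc",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
    ]
})

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"
# Assumed allow-list: ports a public web tier may expose to everyone. Any other
# rule reachable from 0.0.0.0/0 or ::/0 is reported.
ALLOWED_PUBLIC = {("tcp", 80), ("tcp", 443)}


def find_open_ingress(describe_json, allowed_public=ALLOWED_PUBLIC):
    """Return one finding per (group, rule, world-open range) not covered by the allow-list."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]  # "tcp", "udp", "icmp" or "-1" (all protocols)
            from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
            single_port = proto != "-1" and from_port == to_port
            if single_port and (proto, from_port) in allowed_public:
                continue
            # Collect only the world-open ranges; other CIDRs in the same rule stay untouched.
            open_ranges = [("IpRanges", {"CidrIp": r["CidrIp"]})
                           for r in perm.get("IpRanges", []) if r["CidrIp"] == ANY_V4]
            open_ranges += [("Ipv6Ranges", {"CidrIpv6": r["CidrIpv6"]})
                            for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] == ANY_V6]
            for key, rng in open_ranges:
                ports = {"FromPort": from_port, "ToPort": to_port} if proto != "-1" else {}
                findings.append({
                    "group_id": sg["GroupId"],
                    "group_name": sg["GroupName"],
                    "is_default": sg["GroupName"] == "default",
                    "protocol": proto,
                    "from_port": from_port,
                    "to_port": to_port,
                    "cidr": rng.get("CidrIp") or rng.get("CidrIpv6"),
                    # Exactly the permission to revoke, and nothing else from the rule.
                    "permission": {"IpProtocol": proto, **ports, key: [rng]},
                })
    return findings


def revoke_command(finding):
    """Build the aws CLI call that removes only the offending range from the group."""
    perms = json.dumps([finding["permission"]], separators=(",", ":"))
    return ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
            % (finding["group_id"], perms))


if __name__ == "__main__":
    for f in find_open_ingress(SAMPLE_DESCRIBE_OUTPUT):
        flag = " [default group: detach it or fix its rules]" if f["is_default"] else ""
        print("%s %s %s %s-%s from %s%s" % (f["group_id"], f["group_name"], f["protocol"],
                                           f["from_port"], f["to_port"], f["cidr"], flag))
        print("  " + revoke_command(f))
```

Run it against real output by replacing `SAMPLE_DESCRIBE_OUTPUT` with the text of `aws ec2 describe-security-groups --output json`; review the printed commands against the configuration you recorded in prerequisite 1 before executing any of them.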
If you want to revert to the previous settings, go through the Implementation steps section and restore all previous policies. You can delete your new security group by following these steps:
- Open the Amazon VPC console https://console.aws.amazon.com/vpc/
- In the navigation pane, choose Security Groups.
- Select one or more security groups and choose Security Group Actions, Delete Security Group.
- In the Delete Security Group dialogue box, choose Yes, Delete.
If you then have any issue accessing your resources, assign the CIDR 0.0.0.0/0 to the inbound rule of the security group.
The following command deletes the security group you created; for <security_group_id>, enter the security group ID shown in your console:
aws ec2 delete-security-group --group-id <security_group_id>