A security group is a virtual firewall. It manages the traffic flow from and to AWS instances. It is easy to associate security group with instances in AWS as you can do it while creating an instance. You can assign up to five security groups at the time of launching instance or after launching the instance too. Each security group can serve one or more instances. Security groups are associated with the primary network interface (eth0) of an instance.
Each AWS account comes with a default security group for each VPC and for each region. By default, instances are associated with default security group. Default security group can't be deleted, and it allows all inbound traffic from other instances associated with the default security group and all outbound traffic from the instance.
Let's try to create a security group and see what exactly can be done.
- Go to EC2 or VPC dashboard Network & Security | Security Groups click on Create Security Group.
- Provide security group name and select VPC to which the security group belongs.
- You need to configure security rules for inbound and outbound traffic, and based on this, traffic is controlled with the use of security group in AWS. By default, a security group includes an outbound rule that allows all outbound traffic:
- Click on Add Rule and select Type, Protocol, Port Range, Source, and Description.
- You can create one or multiple rules based on the requirements.
- Click on Create and verify the security group in EC2 Dashboard or VPC Dashboard.
If the instance or the web server is not accessible using the putty or browser, then the first step to troubleshoot the issue is to figure out whether everything is fine with the security group and whether the appropriate rules are configured or not.
If you change the inbound or outbound traffic rules, then it will be applied to the instances immediately.