Security groups are the foundation of network security in AWS.
They control how traffic is allowed into or out of EC2 instances (inbound traffic and outbound traffic).

Security groups only contain allow rules (they define the situations in which access is permitted).
Security group rules can reference by IP or by security group.
In other words, security groups act as a "firewall" on EC2 instances.
They regulate:
- Access to ports
- Authorised IP ranges - IPv4 and IPv6
- Control of inbound network (from others to the instance)
- Control of outbound network (from the instance to others)

Can be attached to multiple instances.
Locked down to a region / VPC combination.
They live "outside" the EC2 instance - if traffic is blocked, the EC2 instance won't see it!
It's good to maintain one separate security group for SSH access.
If the application is not accessible (time out), then it is a security group issue.
If the application gives a "connection refused" error, then it is an application error or the application is not launched.
By default:
- inbound traffic is blocked
- outbound traffic is authorised
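
The timeout versus "connection refused" rule above can be checked with a single TCP connection attempt. This is an added example, not part of the original notes; the function names, verdict strings and script name are assumptions chosen for illustration.

```python
import socket
import sys

# Verdicts follow the rule of thumb in the notes above.
HINTS = {
    "open": "TCP handshake completed: the port is reachable and something is listening",
    "timeout": "no reply at all: check the security group's inbound rules",
    "refused": "host answered but nothing listens: application error or not launched",
    "other": "name resolution or routing problem, outside the rule of thumb",
}


def classify(exc):
    """Map the result of a connect() attempt to a verdict (exc is None on success)."""
    if exc is None:
        return "open"
    # Traffic dropped before the instance never gets an answer, so connect() times out.
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    # The instance itself replied with a reset: the packet got through.
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "other"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the verdict for it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:  # covers timeouts, refusals, DNS and routing errors
        return classify(exc)


if __name__ == "__main__":
    # Usage: python sg_probe.py <host> <port>   (script name is hypothetical)
    if len(sys.argv) != 3:
        sys.exit("usage: sg_probe.py <host> <port>")
    host, port = sys.argv[1], int(sys.argv[2])
    verdict = probe(host, port)
    print(f"{host}:{port} -> {verdict}: {HINTS[verdict]}")
```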

