Saturday, June 24, 2017

AWS : VPC : Security

VPC security can be handles with Two things

  1.  Security Groups :
  2.  Network Access Control Lists :
 Lets start with an image

Please note

  1. NACL : lives in subnet level
  2. Security Group : Associated at instance level. Security Group get assigned to Network Interfaces and not Instances themselves. Every instance (network interface) needs at least one , and upto 5.Eth0 network interface : we can’t remove it from an instance.

Security Group

Consists of protocol , port and source.
Check all rules , if none pass … traffic is denied

We say security groups are “stateful” : any responses to traffic that are send out , are automatically allowed back in. They kind of remember , i allowed this traffic in/out , hence accepting now out/in.

Default Security Group
  • When launching an EC2 if you dont specify SG , it takes default SG
  • The default security group allows communication between all resources within the security group,
  • it  allows all outbound traffic, 
  • and denies all other traffic.



No comments: