AWS Security Groups & Firewall Rules

Learn how to configure virtual firewalls for EC2 instances, understand inbound and outbound rules, and implement network security best practices.

security-group-config.json
{
  "GroupName": "web-servers",
  "Description": "Allow HTTP and HTTPS",
  "InboundRules": [
    {
      "Protocol": "TCP",
      "Port": 80,
      "Source": "0.0.0.0/0"
    }
  ]
}



System Check

What is the default behavior of Security Groups for outbound traffic?



Security Groups (Firewall Rules)

Author

Pascual Vila

Cloud Instructor.

Security Groups are virtual firewalls for your EC2 instances. They control inbound and outbound traffic at the instance level. Security Groups are stateful, meaning if you allow inbound traffic, the outbound response is automatically allowed.

Inbound and Outbound Rules

Security Groups support both inbound and outbound rules. Inbound rules control incoming traffic to your instances, while outbound rules control traffic leaving your instances. By default, all outbound traffic is allowed.

Stateful Behavior

Security Groups are stateful. If you send a request from your instance, the response traffic for that request is automatically allowed back in, and if inbound traffic is allowed, its response is automatically allowed out, regardless of outbound rules. Statefulness therefore applies to both inbound and outbound traffic.

Multiple Security Groups

You can attach multiple Security Groups to a single EC2 instance. Traffic to the instance is allowed if any of the attached Security Groups allows it. This provides flexibility in managing access.

Security Groups Glossary

Security Group
A virtual firewall that controls inbound and outbound traffic for EC2 instances. Acts as a stateful firewall at the instance level.
Stateful Firewall
A firewall that tracks the state of network connections. If inbound traffic is allowed, the outbound response is automatically permitted.
Inbound Rules
Rules that control incoming traffic to your EC2 instances. Specify protocol, port range, and source (IP address or Security Group).
Outbound Rules
Rules that control outgoing traffic from your EC2 instances. By default, all outbound traffic is allowed.
Security Group Reference
The ability to reference another Security Group in a rule, allowing instances in different Security Groups to communicate without knowing IP addresses.
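
The "any attached group allows it" rule from Multiple Security Groups and the Security Group Reference entry above, as an added example (not code from the original page or from AWS): a small offline evaluator over configs in the page's JSON shape. The `admin-access` and `db-servers` groups, the sample addresses, and treating a non-CIDR `Source` as a group name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample groups in the page's JSON shape (not the real AWS API schema).
WEB = {"GroupName": "web-servers", "InboundRules": [
    {"Protocol": "TCP", "Port": 80, "Source": "0.0.0.0/0"}]}
ADMIN = {"GroupName": "admin-access", "InboundRules": [
    {"Protocol": "TCP", "Port": 22, "Source": "203.0.113.0/24"}]}
DB = {"GroupName": "db-servers", "InboundRules": [
    {"Protocol": "TCP", "Port": 5432, "Source": "web-servers"}]}  # group reference


def rule_matches(rule, protocol, port, src_ip, src_groups):
    """True if one inbound rule permits the packet."""
    if rule["Protocol"].upper() != protocol.upper() or rule["Port"] != port:
        return False
    source = rule["Source"]
    try:
        network = ipaddress.ip_network(source)
    except ValueError:
        # Not a CIDR (assumption): treat Source as a Security Group reference,
        # which matches when the sender is a member of that group.
        return source in src_groups
    return ipaddress.ip_address(src_ip) in network


def inbound_allowed(attached, protocol, port, src_ip, src_groups=()):
    """Union semantics: allowed if any rule in any attached group matches.
    Security Groups have only allow rules, so no match means not allowed."""
    return any(rule_matches(r, protocol, port, src_ip, src_groups)
               for g in attached for r in g["InboundRules"])


def world_open(attached):
    """Audit helper: (group, port) pairs reachable from any IPv4 address."""
    return [(g["GroupName"], r["Port"]) for g in attached
            for r in g["InboundRules"] if r["Source"] == "0.0.0.0/0"]


if __name__ == "__main__":
    print(inbound_allowed([WEB, ADMIN], "TCP", 22, "203.0.113.7"))   # via ADMIN
    print(inbound_allowed([WEB, ADMIN], "TCP", 22, "198.51.100.9"))  # no match
    print(inbound_allowed([DB], "TCP", 5432, "10.0.1.5", {"web-servers"}))
    print(world_open([WEB, ADMIN, DB]))
```

Attaching a second group can only widen what reaches an instance, so reviewing one group in isolation understates exposure; run `world_open` over the full attached set.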