TechQA.

Security Group in AWS Cloud

315 views Asked by At

As we know security groups are statefull in AWS Cloud. while launching ec2 instances when we allow inbound rules for specific port it must allow that specific traffic at outbound instead it will allowing all tarffic why is this so?

launched ec2 instance in inbound I allowed ssh at port 22 and http at port 80 https at port 443 in outbound it automatically allowed all traffic instead of these three protocol

security amazon-ec2 outbound inbound-security-rule
Original Q&A
2

There are 2 answers

0
Myrkytyn On

A security group controls the traffic that is allowed to reach and leave your EC2 instance. Did you use default SG? By default, SG Allows all outbound IPv4 and IPv6 traffic.

So if you need, you could manually deny all outbound traffic and allow only 80 443 and 22 ports.

enter image description here

0
chamal On

A few points:

  • As you said, security groups are stateful. If a SG rule allows a request to reach an instance, then the response can go out.
  • Outbound rules are for traffic originating from your instance. It controls what IPs the instances within the SG can talk to. They don't apply to responses for incoming requests.
  • The predefined rules in the web console are just there for your convenience, using the commonly used ports for HTTP/HTTPS/SSH and so on. The actual rules that apply are for TCP traffic on these specific ports.

Related Questions in SECURITY

Related Questions in AMAZON-EC2

Related Questions in OUTBOUND

Related Questions in INBOUND-SECURITY-RULE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions