Security Groups in AWS
Security groups act as a firewall between the public network and your EC2 machine.
You can configure a security group while creating a new EC2 instance, or afterwards.
Go to the EC2 dashboard and, in the left panel, choose NETWORK & SECURITY –> Security Groups to change the access rules for your EC2 machine.
Note: If you change a rule in a security group, it takes effect immediately on the associated EC2 machines.
Highlights
–Source: 0.0.0.0/0 means open to all IPv4 addresses in the outside world.
–::/0 is the equivalent for IPv6.
–Security groups are stateful. If you allow traffic in with an INBOUND rule, the response to it is automatically allowed OUTBOUND.
–There is no way to blacklist a particular IP address or a particular port in security groups (use a network access control list for this).
–All inbound traffic is blocked by default. You have to create a security group rule to open a port, for example HTTP port 80.
–You can attach more than one security group to an EC2 instance.
–All outbound traffic is allowed by default.
–Changes to security groups take effect immediately.
–You can have any number of EC2 instances use the same Security group.
–You can specify allow rules, but not deny rules (by default, everything is denied).
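
The highlights above combine in a way that is easy to miss: because rules are allow-only and several groups can be attached to one instance, a single 0.0.0.0/0 or ::/0 rule in any attached group opens that port to the world. The following is an added example, not part of the original page; the group ids, the rules and the `expected` set of ports are assumptions made up for illustration, laid out in the shape of `aws ec2 describe-security-groups` output.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group ids and rules are made up; both groups are assumed attached to one instance.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-admin-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}
]}
""")["SecurityGroups"]

WORLD = {"0.0.0.0/0", "::/0"}  # every IPv4 / IPv6 source address

def world_open_rules(groups):
    """List (group_id, protocol, from_port, to_port, cidr) for each inbound
    allow rule whose source is the whole internet."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD:
                    findings.append((sg["GroupId"], perm["IpProtocol"],
                                     perm.get("FromPort"), perm.get("ToPort"), cidr))
    return findings

def unexpected_world_ports(groups, expected=frozenset({80, 443})):
    """Rules are allow-only, so attached groups combine as a union: one broad
    rule in any group opens the port. Return world-open TCP ports not in `expected`."""
    ports = set()
    for _, proto, lo, hi, _ in world_open_rules(groups):
        if proto == "-1":          # "-1" = all protocols, all ports (no port fields)
            lo, hi = 0, 65535
        elif proto != "tcp":       # UDP/ICMP are left out of this example
            continue
        ports.update(range(lo, hi + 1))
    return sorted(ports - expected)

if __name__ == "__main__":
    for finding in world_open_rules(SAMPLE):
        print("world-open:", finding)
    print("unexpected world-open TCP ports:", unexpected_world_ports(SAMPLE))
```

In the sample, the first group restricts SSH to a single address, yet port 22 is still reported because the second attached group allows it from 0.0.0.0/0.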