Security Groups and Classic Ports

These are the fundamentals of security groups for EC2 instances and the classic ports you should know.

Published Jan 31, 2024
Last Modified Feb 1, 2024
Suppose you are hosting a party at your house and have hired some security guards. You give them rules about who may join the party, and you also instruct them to let your friends leave through certain doors (ports). This is exactly how a security group works around an EC2 instance. If you are preparing for the Cloud Practitioner exam, you should know how to configure a security group; they are very important for the exam.

Security groups are fundamental to network security in AWS. They control the traffic into and out of EC2 instances. Security groups are easy to use: they only contain allow rules. A rule can reference IP address ranges or other security groups. For example, suppose you are on your computer and want to reach an EC2 instance. That instance has a security group around it that acts as a firewall. The group holds rules that decide whether inbound traffic from the internet is allowed to reach the EC2 instance, and rules that decide whether outbound traffic from the EC2 instance is allowed to reach the internet.
Let's take a deep dive into security groups:
1) They control access to ports.
2) They allow authorized IPv4 and IPv6 address ranges.
3) They control inbound traffic (from others to the instance) and outbound traffic (from the instance to others).
Some things you should remember:
1) A security group can be attached to multiple instances; it is not locked to a single instance.
2) If you change your region or create another VPC, you have to create a new security group.
3) It acts like a firewall around the instance, so if traffic is blocked, the instance won't be able to see it.
4) It is highly recommended to maintain one separate security group just for SSH access.
5) If your application hangs and isn't accessible, that is probably a security group issue.
6) If your application gives a "connection refused" error, the traffic got through and the problem is probably in your application: it has an error or did not launch properly.
7) By default, all inbound traffic is blocked and all outbound traffic is authorized.
Classic ports to know:
22 = SSH (Secure Shell) - lets you log in to your EC2 instance on Linux.
21 = FTP (File Transfer Protocol) - used to upload files into a file share.
22 = SFTP (Secure File Transfer Protocol) - also port 22, because this time SSH carries the secure file transfer.
80 = HTTP - gives you access to unsecured websites.
443 = HTTPS - gives you access to secured websites.
3389 = RDP (Remote Desktop Protocol) - lets you log in to your EC2 instance on Windows.
[Diagram: referencing other security groups]
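As an added example (not from the original post, and not AWS's own code), here is a small Python model of how a security group evaluates inbound traffic: allow rules only, default deny, several groups attached to one instance, and a rule whose source is another security group rather than an IP range. The group ids, CIDR ranges and addresses are constructed for the demo.

```python
"""Constructed model of how an EC2 security group evaluates inbound traffic (not AWS code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str  # "tcp" for every rule in this demo
    port: int
    source: str    # a CIDR block, or a security-group id ("sg-...") to reference another group

@dataclass
class SecurityGroup:
    sg_id: str
    inbound: list = field(default_factory=list)  # allow rules only: there is no deny rule

def _source_matches(rule, src_ip, src_sgs):
    """A rule source is either an address range or a reference to another security group."""
    if rule.source.startswith("sg-"):
        return rule.source in src_sgs          # sender must belong to the referenced group
    return ip_address(src_ip) in ip_network(rule.source, strict=False)

def inbound_allowed(instance_sgs, protocol, port, src_ip, src_sgs=frozenset()):
    """Default deny: traffic passes only if some attached group has a matching allow rule."""
    for sg in instance_sgs:
        for r in sg.inbound:
            if r.protocol == protocol and r.port == port and _source_matches(r, src_ip, src_sgs):
                return True
    return False  # blocked here; the instance never sees it, so the client just hangs

# Constructed groups built from the classic ports above (ids and ranges are made up)
SG_WEB = SecurityGroup("sg-web", [Rule("tcp", 80, "0.0.0.0/0"), Rule("tcp", 443, "0.0.0.0/0")])
SG_SSH = SecurityGroup("sg-ssh", [Rule("tcp", 22, "198.51.100.0/24")])  # separate group for SSH
SG_INTERNAL = SecurityGroup("sg-internal", [Rule("tcp", 80, "sg-web")])  # source is a group, not an IP

def demo():
    web_instance = [SG_WEB, SG_SSH]  # one instance, two groups attached; their rules are unioned
    return {
        "https_from_internet": inbound_allowed(web_instance, "tcp", 443, "203.0.113.5"),
        "ssh_from_internet": inbound_allowed(web_instance, "tcp", 22, "203.0.113.5"),
        "ssh_from_admin_range": inbound_allowed(web_instance, "tcp", 22, "198.51.100.7"),
        "rdp_without_rule": inbound_allowed(web_instance, "tcp", 3389, "198.51.100.7"),
        "internal_from_web_tier": inbound_allowed([SG_INTERNAL], "tcp", 80, "10.0.1.10", {"sg-web"}),
        "internal_from_other_tier": inbound_allowed([SG_INTERNAL], "tcp", 80, "10.0.1.10", {"sg-other"}),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'denied (no allow rule)'}")
```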

How do you connect to your server to do some maintenance?
Suppose you have a house (which represents the server) and you want to go inside to clean it (which represents doing some maintenance). You have a special key to enter your house; the key is unique and secure, and it lets you in. This is SSH on your server: a command-line tool that lets you access your server and execute commands. It is available on Mac, Linux and Windows 10 or later. For Windows 10 and earlier you can use something called "PuTTY", which does the exact same thing: it uses SSH to reach your house (server) and connect to your EC2 instances. It was initially written for Windows but is now available on other UNIX-like platforms as well. It is a free and open-source terminal emulator.

Now, as technology evolved, every house got a digital lock where you enter a code to unlock the door. This is like EC2 Instance Connect for your servers. Using your web browser, you can connect to your EC2 instances. It is available for Linux, Mac and all versions of Windows. It is also a secure way to connect to your instances without needing a physical key (SSH key): it uses AWS Identity and Access Management (IAM) policies and principals to control your SSH access, removing the need to manage an SSH key yourself. For this you have to use Amazon Linux 2.
Amazon Instance Connect