AWScloud~30 mins

Default security group behavior in AWS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Default Security Group Behavior

📖 Scenario: You are setting up a new virtual private cloud (VPC) in AWS. Every VPC comes with a default security group that controls network traffic for resources inside it.Understanding how this default security group behaves helps you manage access and keep your cloud resources safe.

🎯 Goal: Build a simple AWS CloudFormation template that defines a VPC and inspects the default security group behavior by creating a security group with default rules.

📋 What You'll Learn

Create a VPC resource with a specific CIDR block

Create a security group resource without specifying ingress or egress rules (to use default behavior)

Add a tag to the security group with the key 'Name' and value 'DefaultSecurityGroup'

Output the security group ID

💡 Why This Matters

🌍 Real World

Default security groups are automatically created in every AWS VPC. Knowing how they behave helps you secure your cloud network by controlling traffic between resources.

💼 Career

Cloud engineers and architects must understand default security group behavior to design secure network architectures and avoid unintended open access.

Progress0 / 4 steps

Create a VPC with CIDR block 10.0.0.0/16

Create a resource called MyVPC of type AWS::EC2::VPC with the property CidrBlock set to "10.0.0.0/16".

AWS

# Your code here

Need a hint?

The VPC resource needs a CidrBlock property with the exact value "10.0.0.0/16".

Add a security group resource with default rules

Add a resource called DefaultSG of type AWS::EC2::SecurityGroup with the property VpcId set to { "Ref": "MyVPC" }. Do not add any ingress or egress rules.

AWS

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
# Your code here

Need a hint?

Security group must reference the VPC using VpcId: { "Ref": "MyVPC" } and have no ingress or egress rules.

Add a tag to the security group

Add a Tags property to DefaultSG with a tag that has Key set to Name and Value set to DefaultSecurityGroup.

AWS

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
  DefaultSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Default security group"
      VpcId: { "Ref": "MyVPC" }
# Your code here

Need a hint?

Tags are a list of key-value pairs under the Tags property.

Output the security group ID

Add an Outputs section with an output called SecurityGroupId that has Value set to { "Ref": "DefaultSG" }.

AWS

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
  DefaultSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Default security group"
      VpcId: { "Ref": "MyVPC" }
      Tags:
        - Key: Name
          Value: DefaultSecurityGroup
# Your code here

Need a hint?

Outputs section goes at the root level and references the security group by Ref.