AWScloud~30 mins

Inbound and outbound rules in AWS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Configuring Inbound and Outbound Rules for AWS Security Group

📖 Scenario: You are setting up a secure environment for a web application hosted on AWS. To protect the application, you need to configure a security group that controls the traffic allowed to and from the application servers.

🎯 Goal: Create an AWS security group with specific inbound and outbound rules to allow HTTP and SSH access inbound, and allow all outbound traffic.

📋 What You'll Learn

Create a security group named webapp-sg in the us-east-1 region

Add inbound rules to allow TCP traffic on port 80 (HTTP) from anywhere

Add inbound rules to allow TCP traffic on port 22 (SSH) from a specific IP 203.0.113.5/32

Add an outbound rule to allow all traffic to anywhere

💡 Why This Matters

🌍 Real World

Security groups are essential for controlling network traffic to AWS resources. Configuring inbound and outbound rules properly protects applications from unauthorized access.

💼 Career

Cloud engineers and DevOps professionals regularly create and manage security groups to secure cloud infrastructure and comply with security policies.

Progress0 / 4 steps

Create the security group resource

Create an AWS security group resource named webapp_sg with the group name webapp-sg in the us-east-1 region using AWS CloudFormation syntax.

AWS

# Your code here to create the security group resource named webapp_sg

Need a hint?

Use AWS CloudFormation syntax to define a security group resource with the exact name webapp_sg and group name webapp-sg.

Add inbound rules for HTTP and SSH

Add inbound rules under webapp_sg to allow TCP traffic on port 80 from 0.0.0.0/0 and TCP traffic on port 22 from 203.0.113.5/32.

AWS

Resources:
  webapp_sg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: webapp-sg
      VpcId: vpc-123abc
      Tags:
        - Key: Name
          Value: webapp-sg
      # Add Ingress rules here

Need a hint?

Use SecurityGroupIngress property to add inbound rules for ports 80 and 22 with the specified IP ranges.

Add outbound rule to allow all traffic

Add an outbound rule under webapp_sg to allow all protocols and all ports to 0.0.0.0/0.

AWS

Resources:
  webapp_sg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: webapp-sg
      VpcId: vpc-123abc
      Tags:
        - Key: Name
          Value: webapp-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 203.0.113.5/32
      # Add Egress rule here

Need a hint?

Use SecurityGroupEgress property with IpProtocol: -1 to allow all outbound traffic.

Add description tags and finalize the security group

Add a Description property with the value Security group for web application under Properties of webapp_sg to describe the security group.

AWS

Resources:
  webapp_sg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: webapp-sg
      VpcId: vpc-123abc
      # Add Description here
      Tags:
        - Key: Name
          Value: webapp-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 203.0.113.5/32
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0

Need a hint?

Add a Description property under Properties with the exact text Security group for web application.