
Security group as virtual firewall in AWS - Mini Project: Build & Apply

Security group as virtual firewall
📖 Scenario: You are setting up a simple virtual firewall for a web server in the cloud. This firewall will control which network traffic is allowed to reach the server.
🎯 Goal: Create an AWS security group that allows incoming HTTP traffic on port 80 from anywhere and SSH traffic on port 22 only from a specific IP address.
📋 What You'll Learn
Create a security group named web-server-sg
Allow inbound HTTP traffic on port 80 from 0.0.0.0/0
Add a variable ssh_allowed_ip with the value 203.0.113.5/32
Allow inbound SSH traffic on port 22 only from the IP address in ssh_allowed_ip
Set the security group description to Web server security group
💡 Why This Matters
🌍 Real World
Security groups act like virtual firewalls controlling traffic to cloud servers. Setting them up correctly protects servers from unwanted access.
💼 Career
Cloud engineers and DevOps professionals regularly create and manage security groups to secure cloud infrastructure.
Step 1: Create the security group resource
Create an AWS security group resource named web_server_sg with the name web-server-sg and the description Web server security group.
Hint: Use resource "aws_security_group" "web_server_sg" {} with name and description inside.

Step 2: Add the SSH allowed IP variable
Add a variable named ssh_allowed_ip with the value "203.0.113.5/32".
Hint: Use variable "ssh_allowed_ip" { default = "203.0.113.5/32" } to define the IP.

Step 3: Add an inbound rule for HTTP traffic
Inside the web_server_sg resource, add an ingress block that allows TCP traffic on port 80 from 0.0.0.0/0.
Hint: Use an ingress block with from_port, to_port, protocol, and cidr_blocks.

Step 4: Add an inbound rule for SSH traffic from the allowed IP
Inside the web_server_sg resource, add another ingress block that allows TCP traffic on port 22 from the IP address stored in the variable ssh_allowed_ip.
Hint: Use another ingress block with cidr_blocks = [var.ssh_allowed_ip] to allow SSH only from that IP.
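The four steps above combined into one Terraform file, as an added example rather than the course's own solution. It assumes an AWS provider is already configured and that the default VPC is acceptable (vpc_id is omitted); the validation block on the variable is an extra check that the exercise does not require, added so the SSH rule can never be widened past a single host by a typo.

```hcl
# Added example, not the course's own solution file. Assumes an AWS provider
# is already configured and the default VPC is acceptable (vpc_id omitted).

variable "ssh_allowed_ip" {
  description = "Single host allowed to reach port 22 (CIDR notation)"
  type        = string
  default     = "203.0.113.5/32"

  # Defender check (assumption, not required by the exercise): refuse any value
  # that is not a valid CIDR or is wider than one host, so a mistyped value such
  # as 203.0.113.0/24 fails at `terraform plan` instead of opening SSH to a range.
  validation {
    condition     = can(cidrhost(var.ssh_allowed_ip, 0)) && can(regex("/32$", var.ssh_allowed_ip))
    error_message = "ssh_allowed_ip must be a single IPv4 host in /32 notation, e.g. 203.0.113.5/32."
  }
}

resource "aws_security_group" "web_server_sg" {
  name        = "web-server-sg"
  description = "Web server security group"

  # Step 3: HTTP from anywhere. Port 80 is the public service, so 0.0.0.0/0 is intended here.
  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Step 4: SSH only from the single administrator host held in the variable.
  ingress {
    description = "SSH from allowed admin host only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_allowed_ip]
  }

  tags = {
    Name = "web-server-sg"
  }
}
```

Note that Terraform removes the allow-all egress rule AWS normally adds to a new VPC security group, so this group permits no server-initiated outbound traffic (replies to inbound HTTP and SSH still flow because security groups are stateful); add an egress block if the server must reach package repositories or other services.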