AWS cloud, ~30 mins

Stateful behavior of security groups in AWS - Mini Project: Build & Apply

Stateful behavior of security groups
📖 Scenario: You are setting up a simple cloud network for a small web application. You need to create a security group that allows incoming web traffic on port 80 and allows the server to respond to requests automatically without extra rules.
🎯 Goal: Create an AWS security group that allows inbound HTTP traffic on port 80 and demonstrates the stateful behavior by allowing outbound response traffic without explicit outbound rules.
📋 What You'll Learn
Create a security group named web-sg.
Add an inbound rule to allow TCP traffic on port 80 from anywhere (0.0.0.0/0).
Do not add any outbound rules explicitly.
Demonstrate the stateful behavior of the security group.
💡 Why This Matters
🌍 Real World
Security groups control network traffic to cloud resources. Understanding their stateful nature helps simplify firewall rules and secure applications.
💼 Career
Cloud engineers and DevOps professionals regularly configure security groups to protect applications while allowing necessary traffic.
1
Create the security group resource
Create an AWS security group resource named web_sg with the description Allow HTTP inbound and the VPC ID set to vpc-123abc.
Need a hint?

Use the aws_security_group resource with the exact name web_sg.

2
Add inbound rule for HTTP traffic
Inside the aws_security_group resource web_sg, add an ingress block that allows TCP traffic on port 80 from 0.0.0.0/0.
Need a hint?

Use an ingress block with from_port and to_port set to 80, protocol set to "tcp", and cidr_blocks set to ["0.0.0.0/0"].

3
Confirm no outbound rules are added
Ensure that the aws_security_group resource web_sg does not have any egress blocks defined, so that replies to allowed inbound requests rely only on the security group's stateful behavior rather than on an outbound rule.
Need a hint?

Do not add any egress block; the stateful behavior lets responses to allowed inbound requests leave without one.

4
Add a tag to identify the security group
Add a tags block inside the aws_security_group resource web_sg with the tag Environment set to Development.
Need a hint?

Use a tags block with the key Environment and value Development.
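
The four steps above assembled into one resource, as an added example that is not the tutorial's own solution code. It assumes Terraform HCL with the AWS provider, which the aws_security_group resource and ingress block syntax imply; the name web-sg comes from the learning goals, and the output name is an assumption made for this example.

```hcl
# Added example: steps 1-4 combined into a single security group definition.
resource "aws_security_group" "web_sg" {
  name        = "web-sg"
  description = "Allow HTTP inbound"
  vpc_id      = "vpc-123abc"

  # Step 2: inbound HTTP from anywhere. Port 80 is the only port exposed;
  # any other inbound connection attempt is dropped because no rule matches.
  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Step 3: no egress block on purpose.
  # The group tracks each inbound connection it accepted, so the server's
  # replies to those clients are allowed without any outbound rule.
  # Caveat: AWS itself adds an allow-all egress rule to a new security group,
  # but Terraform removes that rule when it creates the group. With no egress
  # block here, the instance can answer requests yet cannot open new outbound
  # connections (package updates, calls to external APIs) until an egress
  # rule is added for them.

  # Step 4: in HCL, tags is a map argument assigned with "=".
  tags = {
    Environment = "Development"
  }
}

# Check after apply: a value of 0 confirms that responses are leaving
# through connection tracking alone, not through an outbound rule.
# (Output name is hypothetical.)
output "web_sg_egress_rule_count" {
  value = length(aws_security_group.web_sg.egress)
}
```

A request to port 80 that still gets its response while this output reads 0 is the stateful behavior the exercise asks you to demonstrate.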