AWScloud~30 mins

Why security groups matter in AWS - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why Security Groups Matter

📖 Scenario: You are setting up a simple web server on AWS. To keep it safe, you need to control who can connect to it. AWS Security Groups act like a virtual firewall that controls traffic to your server.In this project, you will create a security group, add rules to allow web traffic, and then attach it to an EC2 instance.

🎯 Goal: Build an AWS security group that allows HTTP and SSH access, then attach it to an EC2 instance to protect your server from unwanted traffic.

📋 What You'll Learn

Create a security group named web-sg with a description Allow HTTP and SSH

Add an inbound rule to allow TCP traffic on port 80 from anywhere

Add an inbound rule to allow TCP traffic on port 22 from a specific IP 203.0.113.5/32

Create an EC2 instance named web-server and attach the web-sg security group

💡 Why This Matters

🌍 Real World

Security groups are essential to protect cloud servers from unauthorized access, just like locks on doors protect your home.

💼 Career

Understanding security groups is a fundamental skill for cloud engineers and system administrators to secure cloud infrastructure.

Progress0 / 4 steps

Create the security group

Create a security group named web-sg with the description Allow HTTP and SSH using AWS CLI syntax.

AWS

# Create security group web-sg with description
# Your code here

Need a hint?

Use aws ec2 create-security-group command with --group-name and --description options.

Add inbound rules to the security group

Add an inbound rule to the web-sg security group to allow TCP traffic on port 80 from anywhere (0.0.0.0/0), and another inbound rule to allow TCP traffic on port 22 from IP 203.0.113.5/32.

AWS

aws ec2 create-security-group --group-name web-sg --description "Allow HTTP and SSH"
# Add inbound rule for HTTP port 80 from anywhere
# Add inbound rule for SSH port 22 from 203.0.113.5/32
# Your code here

Need a hint?

Use aws ec2 authorize-security-group-ingress twice, once for port 80 and once for port 22 with the specified CIDRs.

Launch an EC2 instance with the security group

Launch an EC2 instance named web-server using the Amazon Linux 2 AMI, t2.micro instance type, and attach the web-sg security group by specifying its group name.

AWS

aws ec2 create-security-group --group-name web-sg --description "Allow HTTP and SSH"
aws ec2 authorize-security-group-ingress --group-name web-sg --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name web-sg --protocol tcp --port 22 --cidr 203.0.113.5/32
# Launch EC2 instance web-server with security group web-sg
# Your code here

Need a hint?

Use aws ec2 run-instances with --security-groups web-sg and add a tag with Name=web-server.

Verify the security group attachment

Write the AWS CLI command to describe the EC2 instance named web-server and confirm it has the web-sg security group attached.

AWS

aws ec2 create-security-group --group-name web-sg --description "Allow HTTP and SSH"
aws ec2 authorize-security-group-ingress --group-name web-sg --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name web-sg --protocol tcp --port 22 --cidr 203.0.113.5/32
aws ec2 run-instances --image-id ami-0c02fb55956c7d316 --count 1 --instance-type t2.micro --security-groups web-sg --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=web-server}]'
# Describe the instance web-server to check security groups
# Your code here

Need a hint?

Use aws ec2 describe-instances with a filter for the tag Name=web-server and query the SecurityGroups field.