
Why security groups matter in AWS - Test Your Understanding

Practice - 5 Tasks
Answer the questions below
1. Fill in the blank (easy)

Complete the code to create a security group that allows inbound HTTP traffic.

AWS
resource "aws_security_group" "web_sg" {
  name        = "web_sg"
  description = "Allow HTTP inbound"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "[1]"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
A. icmp
B. tcp
C. udp
D. http
Common Mistakes
Using 'udp' instead of 'tcp' for HTTP traffic.
Using 'http' as a protocol value, which is not valid.
2. Fill in the blank (medium)

Complete the code to allow SSH access only from a specific IP address.

AWS
resource "aws_security_group" "ssh_sg" {
  name        = "ssh_sg"
  description = "Allow SSH inbound from office"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["[1]"]
  }
}
A. 192.168.1.100/32
B. 0.0.0.0/0
C. 10.0.0.0/16
D. 255.255.255.255/32
Common Mistakes
Using 0.0.0.0/0 which opens SSH to all IPs.
Using a broad CIDR block instead of a single IP.
3. Fill in the blank (hard)

Complete the code to create a security group that allows all inbound traffic.

AWS
resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "[1]"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
A. -1
B. tcp
C. udp
D. icmp
Common Mistakes
Using 'tcp' or 'udp' which only allow specific protocols.
Not using '-1' to represent all protocols.
4. Fill in the blank (hard)

Fill both blanks to create a security group that allows only HTTPS inbound. Security groups contain allow rules only, so all other inbound traffic is denied because no rule permits it.

AWS
resource "aws_security_group" "https_only" {
  name        = "https_only"
  description = "Allow HTTPS inbound only"

  ingress {
    from_port   = [1]
    to_port     = [2]
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
A. 443
B. 80
C. 22
D. 53
Common Mistakes
Using port 80 which is for HTTP, not HTTPS.
Using different values for from_port and to_port.
5. Fill in the blank (hard)

Fill all three blanks to create a security group that allows inbound SSH from a specific IP and HTTP from anywhere. All other inbound traffic is denied because no rule permits it.

AWS
resource "aws_security_group" "custom_sg" {
  name        = "custom_sg"
  description = "Allow SSH from office and HTTP from anywhere"

  ingress {
    from_port   = [1]
    to_port     = [2]
    protocol    = "tcp"
    cidr_blocks = ["[3]"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
A. 22
C. 192.168.1.100/32
D. 0.0.0.0/0
Common Mistakes
Using 0.0.0.0/0 for SSH which opens access to everyone.
Using different ports for from_port and to_port.