AWS Concept · Beginner · 3 min read

What is a Security Group in VPC: Simple Explanation and Example

A security group in a VPC is a virtual firewall attached to your cloud resources (strictly, to their network interfaces). It holds a set of allow rules that describe which inbound and outbound traffic may pass, matched on protocol, port range and source or destination, where the source or destination is either an IP range or another security group. Anything no rule allows is dropped: security groups have allow rules only, with no way to write an explicit deny.

How It Works

Think of a security group as a gatekeeper for resources inside a Virtual Private Cloud (VPC). Just as a guard at a building checks who may enter or leave, a security group checks every connection trying to reach or leave your servers.

Each rule names the traffic it permits. For example, a web server's group might allow TCP port 80 and nothing else; everything the rules do not mention is implicitly denied. A freshly created group starts with no inbound rules at all and a single outbound rule that allows all traffic, so inbound is locked down by default while outbound is open until you tighten it. The rules are stateful: if an inbound rule admits a connection on a port, the replies to that connection are allowed back out regardless of the outbound rules, and the same holds in reverse for connections your server opens.

This keeps resources safe by letting only the expected traffic through, much as you open your front door only to visitors you are expecting.

Example

This example creates a security group in AWS with the AWS CLI that allows inbound HTTP on port 80 from anywhere and SSH on port 22 only from one address range. Because the group lives in a non-default VPC, the rule commands must identify it by ID (--group-id); --group-name only resolves groups in the default VPC. The create call therefore captures the new ID with --query. Note also that --cidr covers IPv4 only: if the server has an IPv6 address, a separate rule with ::/0 is needed for the same port, shown as the last command.

bash
SG_ID=$(aws ec2 create-security-group --group-name MyWebSG --description "Security group for web server" --vpc-id vpc-123abc45 --query GroupId --output text)

aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 22 --cidr 203.0.113.0/24
aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,Ipv6Ranges='[{CidrIpv6=::/0}]'
Output
The first command prints nothing itself; the new group's ID (of the form sg-0a1b2c3d4e5f6g7h8 on this page, a placeholder) is stored in SG_ID and can be shown with echo "$SG_ID". Each authorize call returns a JSON document containing "Return": true along with details of the rule it added: port 80 from any IPv4 address, port 22 from 203.0.113.0/24, and port 80 from any IPv6 address. The port-80-from-anywhere rule is expected for a public web server; a port-22-from-anywhere rule is the pattern that should never appear, which is why SSH here is restricted to a single known range.

When to Use

Use security groups whenever you need to control network access to resources inside a VPC. They are the first line of defence for servers, databases and applications against unwanted traffic.

For example, a web server's group might allow HTTP and HTTPS and nothing else. For a database server, rather than listing the application servers' IP addresses, allow the database port only from the application tier's security group: the rule then follows the role, not the address, and keeps working when application instances are replaced or scaled.

Security groups also isolate environments. Servers in a private subnet can be limited to traffic from one another's groups, so that nothing outside that tier can reach them even if it shares the VPC.
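The rule semantics described above (allow rules only, implicit deny, several groups on one interface combined into a single allow set, and a rule whose source is another group rather than an address) are easy to get wrong when reviewing a configuration by eye. The following is an added example, not code from the original article, that evaluates and audits rules offline. It never calls AWS: the input is a constructed sample shaped like `aws ec2 describe-security-groups` output (SecurityGroups[].IpPermissions[]), the group IDs and addresses in it are placeholders, and the list of "admin" ports flagged by the audit is this example's own choice. Pass a real describe-security-groups JSON file as the first argument to audit an actual account.

```python
"""Offline evaluation and audit of VPC security-group rules.

Added example, not from the original article. It does not call AWS; the
SAMPLE_DESCRIBE_OUTPUT dict below is CONSTRUCTED to mimic the shape of
`aws ec2 describe-security-groups` output, with placeholder IDs.
"""
import ipaddress
import json
import sys

# Placeholder group IDs (sg- followed by 17 hex digits, like real ones).
WEB_SG = "sg-0aaaaaaaaaaaaaaa1"
DB_SG = "sg-0bbbbbbbbbbbbbbb2"
OPEN_SG = "sg-0ccccccccccccccc3"

# Constructed sample: a web tier open to the world on 80 (IPv4 and IPv6),
# SSH only from an office range, a database tier that trusts the web tier's
# *group*, and one badly configured group that allows everything from anywhere.
SAMPLE_DESCRIBE_OUTPUT = {
    "SecurityGroups": [
        {"GroupId": WEB_SG, "GroupName": "MyWebSG", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ]},
        {"GroupId": DB_SG, "GroupName": "MyDbSG", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "Ipv6Ranges": [],
             "UserIdGroupPairs": [{"GroupId": WEB_SG}]},
        ]},
        {"GroupId": OPEN_SG, "GroupName": "TooOpenSG", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ]},
    ]
}


def _rule_allows(rule, protocol, port, src_ip, src_groups):
    """True if one IpPermissions entry admits this flow.
    Security groups hold allow rules only, so there is no deny case to check."""
    proto = rule["IpProtocol"]
    if proto != "-1":  # "-1" is AWS shorthand for every protocol and every port
        if proto != protocol:
            return False
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    # A source-group reference matches on the sender's group membership, not its IP.
    referenced = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
    if referenced & set(src_groups):
        return True
    addr = ipaddress.ip_address(src_ip)
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # An IPv4 address is never "in" an IPv6 network and vice versa, so 0.0.0.0/0
    # alone does not admit IPv6 clients.
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def is_allowed(groups_json, attached_ids, protocol, port, src_ip, src_groups=()):
    """Inbound decision for an interface carrying the groups in attached_ids.
    Several groups on one interface are unioned: the flow passes if ANY rule in
    ANY attached group allows it; with no matching rule the answer is deny."""
    by_id = {g["GroupId"]: g for g in groups_json["SecurityGroups"]}
    for gid in attached_ids:
        for rule in by_id[gid]["IpPermissions"]:
            if _rule_allows(rule, protocol, port, src_ip, src_groups):
                return True
    return False  # implicit deny


# Ports a reviewer does not want reachable from the whole internet (example's choice).
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}
WORLD = {"0.0.0.0/0", "::/0"}


def find_world_open_admin_ports(groups_json):
    """Audit: (group ID, port name) pairs where an admin port, or every port,
    is allowed from any address. Returns a sorted list of findings."""
    findings = []
    for g in groups_json["SecurityGroups"]:
        for rule in g["IpPermissions"]:
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            if not cidrs & WORLD:
                continue
            if rule["IpProtocol"] == "-1":
                findings.append((g["GroupId"], "all"))
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            findings += [(g["GroupId"], name) for p, name in ADMIN_PORTS.items() if lo <= p <= hi]
    return sorted(findings)


if __name__ == "__main__":
    # Audit a real describe-security-groups dump if a file is given, else the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_DESCRIBE_OUTPUT
    for gid, what in find_world_open_admin_ports(data):
        print(f"WORLD-OPEN {what:8s} in {gid}")
    print("db reachable from web tier:",
          is_allowed(data, [DB_SG], "tcp", 5432, "10.0.1.5", src_groups=[WEB_SG]))
```

Two things the evaluator makes visible that the prose only states: attaching the database group to a web instance adds the database rule to that instance's allow set (groups are additive, so "layering" never restricts), and the database group's rule admits a client only because of the client's group membership, so the same source IP is refused once that group is absent. Statefulness is not modelled here because it never involves a rule lookup: reply packets of an admitted connection are passed without being evaluated.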

Key Points

  • Security groups act as virtual firewalls for your VPC resources, attached at the network-interface level.
  • They control inbound and outbound traffic with allow rules matched on protocol, port range and source or destination, which may be an IP range or another security group; there are no deny rules, and unmatched traffic is dropped.
  • Rules are stateful: return traffic for an allowed connection is passed without consulting the rules in the other direction.
  • A resource can carry several security groups; their rules are combined into one allow set, so adding a group can only widen access, never narrow it.
  • A new group allows no inbound traffic and all outbound traffic until you change it.

Key Takeaways

A security group controls network traffic to and from your VPC resources like a virtual firewall.
It uses allow rules matched on ports, protocols and IP ranges or source groups; anything not allowed is denied.
Security group rules are stateful, so return traffic is automatically allowed.
Use security groups to protect servers, databases and applications from unwanted access, preferring source-group references over fixed IP addresses between tiers.
You can assign multiple security groups to a resource; their rules add up, so review the combined set, not each group alone.