Configuring an Amazon Web Services Security Group
Security Groups are just like firewalls, you can set what you want to allow into your system or not on both public and private interfaces.
Building out an Amazon Security Group is much like building out a firewall for your systems. You can have as many security groups as you need to isolate features and functions for a group of servers or an individual server.
Some handy tips though, or things I wish I had known before I got here:
- Your security group is literal, if you turn off SSH access because you are using a windows group, but bring up a Linux server, SSH will not get through so you can’t go configure it from the command line.
- Your security group should never allow all – there is plenty of service scanning going on already within any cloud environment, you should only open the ports you need to do work with.
- You should name your security groups by function to make it easier to hunt down issues later on in the security group, or to modify security groups for large chunks of computer systems that you have running in the cloud. An HR group will need different ports open than the Sales group.
Here is a quick video on how to setup and configure Security Groups in Amazon and use them to keep unwanted scanning out, while still being able to use those systems for work.
(Cross-posted @ Hacking Cloud Computing)