Security Group
instance level firewall
Overview
A virtual firewall that controls incoming and outgoing traffic for your cloud resources (servers, databases, and so on).
Properties
- Can only be used inside the VPC/region that you specify when you create the SG.
- Can be attached to MULTIPLE instances.
- You can only specify ALLOW rules, not DENY rules; anything not explicitly allowed is implicitly denied.
- By default:
  - allow all outbound
  - deny all inbound
  This is because a newly created SG has one outbound rule that allows all outbound traffic and no inbound rule at all.
vs. NACL

             Security Group                           NACL
level        instance level                           subnet level
state        stateful                                 stateless
rules        only supports ALLOW rules                supports both ALLOW & DENY rules
default      deny all inbound, allow all outbound     allow all inbound & outbound traffic
evaluation   all rules are evaluated before deciding  rules are processed in priority-number order, starting from 100
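The behaviours in the Properties list and in the table above (allow-only and stateful for a Security Group; allow/deny, numbered and stateless for a NACL) are easiest to see by running them. The following is an added teaching model written for these notes, not AWS code; the addresses, ports and rule numbers are constructed, and the Packet/Rule/SecurityGroup/NetworkAcl names are the example's own.

```python
"""Toy model of how a Security Group and a NACL decide on a packet.

Constructed teaching example, not AWS code. It encodes the behaviour listed in
the notes: an SG is stateful and allow-only and evaluates all of its rules; a
NACL is stateless, supports allow and deny, and is evaluated in ascending
rule-number order with the first match winning. Addresses, ports and rule
numbers below are made up.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str  # "inbound" or "outbound", relative to the protected instance
    src: str
    dst: str
    port: int       # destination port


@dataclass(frozen=True)
class Rule:
    direction: str
    cidr: str            # remote address range the rule applies to
    port: int            # destination port, 0 = any port
    action: str = "allow"
    number: int = 0      # NACL rule number; unused by security groups

    def matches(self, pkt: Packet) -> bool:
        remote = pkt.src if pkt.direction == "inbound" else pkt.dst
        return (self.direction == pkt.direction
                and ip_address(remote) in ip_network(self.cidr)
                and self.port in (0, pkt.port))


class SecurityGroup:
    """Stateful and allow-only. A new SG has one allow-all outbound rule and no inbound rule."""

    def __init__(self) -> None:
        self.rules = [Rule("outbound", "0.0.0.0/0", 0)]
        self._flows: set = set()   # connection-tracking table

    def add_rule(self, rule: Rule) -> None:
        if rule.action != "allow":
            raise ValueError("security groups only support ALLOW rules")
        self.rules.append(rule)

    def decide(self, pkt: Packet) -> bool:
        # Stateful: the reply to a flow that was already allowed is let through
        # without consulting the rules.
        reply_of = ("outbound" if pkt.direction == "inbound" else "inbound", pkt.dst, pkt.src)
        if reply_of in self._flows:
            return True
        # Every rule is considered; any matching allow permits the packet.
        # No match means implicit deny, which is the only "deny" an SG has.
        if any(r.matches(pkt) for r in self.rules):
            self._flows.add((pkt.direction, pkt.src, pkt.dst))
            return True
        return False


class NetworkAcl:
    """Stateless. Rules are checked in ascending number order; first match wins."""

    def __init__(self, rules=()) -> None:
        self.rules = list(rules)

    def decide(self, pkt: Packet) -> bool:
        for rule in sorted(self.rules, key=lambda r: r.number):
            if rule.matches(pkt):
                return rule.action == "allow"
        return False   # the trailing "*" deny rule of every NACL


def run_scenario() -> dict:
    """Web server 10.0.1.10 fetching updates from 198.51.100.7 (constructed addresses)."""
    server, client, repo = "10.0.1.10", "203.0.113.5", "198.51.100.7"
    https_in = Packet("inbound", client, server, 443)
    ssh_in = Packet("inbound", client, server, 22)
    fetch_out = Packet("outbound", server, repo, 443)
    fetch_reply = Packet("inbound", repo, server, 51000)  # reply to an ephemeral port

    sg = SecurityGroup()
    sg.add_rule(Rule("inbound", "0.0.0.0/0", 443))
    result = {
        "sg_https": sg.decide(https_in),            # True: matches the 443 allow rule
        "sg_ssh": sg.decide(ssh_in),                # False: no allow rule, implicit deny
        "sg_unsolicited": sg.decide(fetch_reply),   # False: no flow yet, no inbound rule
        "sg_fetch": sg.decide(fetch_out),           # True: default allow-all outbound
        "sg_reply": sg.decide(fetch_reply),         # True: stateful, reply is tracked
    }

    nacl = NetworkAcl([
        Rule("inbound", "0.0.0.0/0", 443, "allow", 100),
        Rule("inbound", "203.0.113.0/24", 22, "deny", 110),
        Rule("inbound", "0.0.0.0/0", 22, "allow", 120),
        Rule("outbound", "0.0.0.0/0", 0, "allow", 100),
    ])
    result["nacl_https"] = nacl.decide(https_in)     # True: rule 100
    result["nacl_ssh"] = nacl.decide(ssh_in)         # False: deny 110 is hit before allow 120
    result["nacl_fetch"] = nacl.decide(fetch_out)    # True: outbound rule 100
    result["nacl_reply"] = nacl.decide(fetch_reply)  # False: stateless, no inbound rule for it
    # Stateless means the return path needs its own rule, here on the ephemeral port.
    nacl.rules.append(Rule("inbound", "198.51.100.0/24", 0, "allow", 130))
    result["nacl_reply_with_rule"] = nacl.decide(fetch_reply)  # True
    return result


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:22} {'ALLOW' if verdict else 'DENY'}")
```

Two things the scenario makes visible: the SG lets the update reply back in with no inbound rule at all because it remembers the outbound flow, while the NACL drops the same reply until an explicit inbound rule for the return path exists; and swapping the numbers of NACL rules 110 and 120 would flip the SSH verdict, whereas an SG has no ordering to get wrong because it only ever has allows.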
Trivia
1 instance can have at most 5 security groups.
1 SG can have at most 60 inbound rules and 60 outbound rules.
1 SG can be attached to many EC2 instances.