AWS: Security Groups through CLI
Prerequisites:
Knowledge of AWS EC2 and its security groups.
How to install and configure the AWS CLI.
Here are some important points to remember about AWS security groups.
- AWS security groups are an instance-level security measure (strictly, they attach to an instance's network interfaces).
- Several instances can share one security group, which acts as a virtual firewall for all of them.
- They let you define rules for allowing inbound and outbound traffic. Please note that rules can only allow traffic; you cannot explicitly deny traffic from a particular host or range of IPs (that can be done with network ACLs).
- Rules can be added and removed at any time and take effect immediately (or within a very short interval).
- Security groups are stateful: the response to a request that was allowed out is allowed back in no matter what the inbound rules say, and the response to a request that was allowed in is allowed back out no matter what the outbound rules say.
- All rules are evaluated before any traffic is allowed; if any rule in any security group attached to the instance matches, the traffic is allowed.
- A newly created custom security group allows all outbound traffic and blocks all inbound traffic until you add inbound rules.
The steps below show how to create and manage a security group through the AWS CLI.
1) Create a new security group
Once you are in Windows PowerShell (or any other shell) with the AWS CLI configured, use the command below
aws ec2 create-security-group --group-name CLIGroup --description "Testing"
Group name and description are mandatory. Use --vpc-id to create the group in a particular VPC; otherwise it goes into your default VPC. The group name has to be unique within that VPC or the call fails. The output contains the ID of the newly created group, which the following commands use as --group-id.
2) Add inbound rule
To add inbound rules use
aws ec2 authorize-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 443 --cidr 0.0.0.0/16
As the commands state, these authorize TCP traffic to port 22 (SSH) from the CIDR range 0.0.0.0/0 and to port 443 (HTTPS) from 0.0.0.0/16. Two things to watch here. 0.0.0.0/0 means every IPv4 address, so the first rule exposes SSH to the whole internet; in practice restrict port 22 to your own address range and reserve 0.0.0.0/0 for public services such as HTTPS. And 0.0.0.0/16 is not "everywhere": it covers only 0.0.0.0 to 0.0.255.255, a reserved range no real client comes from, so that rule effectively allows nothing; 0.0.0.0/0 is what is usually intended.
* ingress means incoming
3) Add outbound rule
To add outbound rules use
aws ec2 authorize-security-group-egress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0
By default a new group already has an outbound rule allowing all protocols to 0.0.0.0/0, so adding a narrower egress rule on top of it changes nothing on its own. To restrict outbound traffic, revoke that default all-traffic rule first and then authorize only the specific ports the instance needs to reach.
4) Delete a rule
Simply use revoke instead of authorize. The protocol, port and CIDR must match the existing rule exactly; if no rule matches, the call fails with an InvalidPermission.NotFound error and nothing is removed.
aws ec2 revoke-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 revoke-security-group-egress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0
Here is the complete result. I did not run the revoke commands.
5) Delete the security group
Finally, to delete the security group use
aws ec2 delete-security-group --group-id sg-0e905383785119273
This fails with a DependencyViolation error while the group is still attached to an instance or referenced by a rule in another security group; detach the instances or remove those references first.
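The five steps above as one script, added here as an example rather than code from the original post. It assumes the AWS CLI is on PATH (overridable through the AWS variable for testing), that the configured profile supplies credentials and region, that the group goes into the default VPC unless VPC_ID is set, and it uses the documentation range 203.0.113.0/24 as a stand-in for your real administrative address range. Beyond the post's commands it adds three things a practitioner wants: a policy check that refuses to open SSH or RDP to 0.0.0.0/0, a describe call to verify the rules before trusting them, and a single helper that builds the rule arguments so that revoke always receives exactly what authorize received.

```bash
#!/usr/bin/env bash
# Added example (not from the post): create -> authorize -> verify -> revoke
# -> delete, with a policy gate in front of every authorize call.
# Assumptions: "$AWS" is the AWS CLI (override for testing), credentials and
# region come from the configured profile, the group lands in the default VPC
# unless VPC_ID is set, and 203.0.113.0/24 (a documentation range) stands in
# for the real administrative address range.
set -euo pipefail

AWS=${AWS:-aws}
ADMIN_PORTS=${ADMIN_PORTS:-"22 3389"}        # SSH and RDP: never world-open
ADMIN_CIDR=${ADMIN_CIDR:-203.0.113.0/24}     # placeholder admin range

# Returns 0 when the CIDR matches every address (prefix length 0: 0.0.0.0/0
# or ::/0). Note that 0.0.0.0/16 is NOT world-open; it covers only
# 0.0.0.0-0.0.255.255, which is why that rule in the post allows nothing.
cidr_is_world_open() {
    case "$1" in
        */0) return 0 ;;
        *)   return 1 ;;
    esac
}

# Policy gate run before every authorize call: administrative ports may not
# be opened to the world. Returns 1 (and explains on stderr) on a violation.
check_ingress_rule() {
    local port=$1 cidr=$2 p
    for p in $ADMIN_PORTS; do
        if [ "$port" = "$p" ] && cidr_is_world_open "$cidr"; then
            echo "refusing port $port from $cidr; restrict it to your own range" >&2
            return 1
        fi
    done
    return 0
}

# One place builds the protocol/port/CIDR arguments so that authorize and
# revoke always pass identical values; revoke only matches an exact rule.
rule_args() {
    printf -- '--protocol %s --port %s --cidr %s' "$1" "$2" "$3"
}

sg_create() {            # name description -> prints the new GroupId
    local vpc_opt=()
    if [ -n "${VPC_ID:-}" ]; then vpc_opt=(--vpc-id "$VPC_ID"); fi
    "$AWS" ec2 create-security-group --group-name "$1" --description "$2" \
        ${vpc_opt[@]+"${vpc_opt[@]}"} --query GroupId --output text
}

sg_allow_in() {          # group-id protocol port cidr
    check_ingress_rule "$3" "$4"
    # rule_args output is meant to be word-split into separate arguments
    # shellcheck disable=SC2046
    "$AWS" ec2 authorize-security-group-ingress --group-id "$1" $(rule_args "$2" "$3" "$4")
}

sg_revoke_in() {         # group-id protocol port cidr (same values as allow)
    # shellcheck disable=SC2046
    "$AWS" ec2 revoke-security-group-ingress --group-id "$1" $(rule_args "$2" "$3" "$4")
}

sg_show_ingress() {      # group-id -> protocol, from/to port and CIDRs per rule
    "$AWS" ec2 describe-security-groups --group-ids "$1" \
        --query 'SecurityGroups[0].IpPermissions[].[IpProtocol,FromPort,ToPort,IpRanges[].CidrIp]' \
        --output text
}

sg_delete() {            # fails with DependencyViolation while still in use
    "$AWS" ec2 delete-security-group --group-id "$1"
}

main() {
    local sg
    sg=$(sg_create "${1:-CLIGroup}" "Testing")
    echo "created $sg"
    sg_allow_in "$sg" tcp 443 0.0.0.0/0        # HTTPS from anywhere: allowed
    sg_allow_in "$sg" tcp 22 "$ADMIN_CIDR"     # SSH only from the admin range
    sg_show_ingress "$sg"                      # verify before trusting it
    sg_revoke_in "$sg" tcp 22 "$ADMIN_CIDR"
    sg_revoke_in "$sg" tcp 443 0.0.0.0/0
    sg_delete "$sg"
}

# Run the lifecycle only when invoked with a group name, e.g.:
#   ./sg_lifecycle.sh CLIGroup
if [ $# -gt 0 ]; then main "$@"; fi
```

Calling sg_allow_in with port 22 and 0.0.0.0/0 aborts the script under set -e before any API call is made, which is the point: the world-open SSH rule from the post never reaches the account. The same gate is where an organisation would add its own port list or an allow-list of approved CIDRs.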
I hope this helps. Please try it and do let me know your experience and any issues along the way. Happy learning.