AWS: Security Groups through CLI

-

Prerequisite:
Knowledge of AWS EC2 and it's security groups.
How to install and configure AWS CLI.

Here are some important points to remember about AWS security groups.
  • AWS security groups are instance level security measure. 
  • A security group can have several instances in it. It acts as a virtual firewall for them. 
  • They let you define rules for allowing inbound and outbound traffic. Please not that you can only allow but can not explicitly deny traffic from an particular host or range of IPs (that can be done with help of NACLs).
  • Rules can be added and removed at any time and will be effective immediately (or in a very short interval). 
  • Security groups are state-full, which means any request that goes outside it's response is allowed inside, no matter what the outbound rules are.
  • All the rules are processed before allowing any traffic. 
  • In a custom security group all outbound traffic is allowed and all inbound traffic is blocked.
Below steps explains you to create a security group through amazon CLI. 

1) Create a new security group
Once you are inside window's powershell and AWS CLI is configured, use below command

aws ec2 create-security-group --group-name CLIGroup --description "Testing"

Group name and description are mandatory attributes. If you need it in particular VPC --vpc-id can be used. Group name has to be unique or else it will give error. Output will provide the id of newly created group.

2) Add inbound rule

To add inbound rules use

aws ec2 authorize-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0


aws ec2 authorize-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 443 --cidr 0.0.0.0/16

As the commands states these will authorize traffic through tcp port 22 (ssh) from cidr range 0.0.0.0/0 and through port 443 (https) from 0.0.0.0/16

* ingress means incoming

3) Add outbound rule

To add outbound rules use

aws ec2 authorize-security-group-egress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0

By default all outbound traffic is allowed, but we can delete that rule and allow only specific port open to interact with.

4) Delete a rule

Simply use revoke instead of authorize. Remember to mention exact same details.

aws ec2 revoke-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0

aws ec2 revoke-security-group-egress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0

Here is the complete result. I did not run the revoke commands. 

5) Delete the security group

Finally to delete security group use

aws ec2 delete-security-group --group-id sg-0e905383785119273

It won't give any out but will delete the complete security group.

I hope this help. Please try and do let me know your experience and issues on the way. Happy learning.


Comments

Post a Comment

"Please leave the footprints, I would love to read your views :) "
( HTML Tags for link, bold, italic and similar can also be used )

Popular posts from this blog

An Untold Story

-
Image
This post has been published by me as a part of the Blog-a-Ton 32 ; the thirty-second edition of the online marathon of Bloggers; where we decide and we write. To be part of the next edition, visit and start following Blog-a-Ton . The theme for the month is 'An Untold Story' " Jab bachche the to khilone tutne par bhi rote the, aaj dil toot jane par bhi sambhal jaate hain " There is a story within each one of us which we want to share. Today I am going to tell you one of such story,that was actually once lived. It is not a fiction or just a heap of thoughts. It is a real story.. An Untold Story that needed to be told... She choked,as she saw a guy,through the glass wall of the restaurant, fairly handsome, accompanied by a woman, fair complexion, sharp features,black eyes, unlike his, wearing a green sari with half tucked hair, his wife, she guessed. They entered the same place and occupied the seat exactly opposite to her. She tried to escape without being
Read more

Journey With A Cute Guy...!!!

-
Image
This post has been published by me as a part of the Blog-a-Ton 33 ; the thirty-third edition of the online marathon of Bloggers; where we decide and we write. To be part of the next edition, visit and start following Blog-a-Ton . The theme for the month is 'Celebrations' Reader's guide : Text written in *....* is what my character is thinking or saying to herself in mind... * Mamma's gift, check..!! Popsi's gift, check..!! Sadu's gift (my brother), check..!! toothbrush, sunscreen, face-pack....check..!! Hmm I think I am done,now I should leave.. * "Hello guard uncle,will you please open the door for me? " "Sure sure..Going home beta?" "Yes guard uncle..Diwali with Family...!!" "OK beta..Take care and do not talk to strangers.OK?" "Ooh uncle, you know that's tough for me..I can't even sit quite continuously for 10 min..and I have to travel for 8 hours." "hahaha....Go enjoy...Happy Di
Read more

Experience worth a million words: Children's day celebration!

-
Image
When asked what they want to be, doctor and engineer were not even close to their answers! This children's day, I picked my scooter and hit the road to see, if there is anything I can do. I knew visiting orphanages or government schools is always an option. But it's an option for almost everyone. I wanted to do something different. Last year I took kids who sell balloons and roses outside 'Noida Sector 18' metro station, to the nearby McDonald's. Staff was overwhelmed and allowed them inside. Heck of a day it was! This year I had nothing in my mind. I only rode for a minute or two, when I saw these kids, playing. There is a construction site nearby. They belong to workers employed there. I called one of the elder woman, and asked if I'll offer anything for these kids to eat, would she approve? She delightedly accepted my request. I asked her how many kids are here and rushed to nearby market(Qutub Plaza) and ordered 10 Dominos mini parcels. Bought 10 KitK
Read more