From the course: AWS Essential Training for Developers

Using security groups as firewalls

- So let's say that this cable represents our external internet traffic, and we're going to connect it to our network interface so that our customers can access our web server. Now, anyone who's run servers before or set up a home network would know that what I'm doing here is a pretty bad idea. This is unfiltered internet traffic, which means that unless I'm plugging this cord first into a firewall or, say, a home router, or I'm running a software firewall on my server, I'm exposing my server to attacks from hackers that are scanning Amazon's IP ranges, just looking for exposed servers like this one.

To solve this, Amazon uses security groups, which act as simple firewalls that allow you to expose only the parts of your server that are configured for public internet traffic. Think of these as line filters on ethernet cords going into your servers. If you do see a security group on a diagram, it's usually a black and red dashed line that is drawn around the resource it's protecting, such as an EC2 instance. Now that I've got a security group in place, I'm ready to connect back to the public internet.

Let's take a look at an example diagram, and then we'll make a change to our security group. This diagram shows a single EC2 instance in the center with public internet access. We'll introduce the other symbols in this diagram throughout the course. The red box surrounding this EC2 instance shows the security group applied to this instance. Other diagrams might use a red and black dashed box instead of the solid red box. Not all diagrams will show the security group, but they are enabled by default and are affecting the traffic coming into and out of your instance. AWS Organizations allow you to share security groups between your various AWS accounts, and this diagram shows you where a security group lives within the hierarchy of your organization. Let's make some changes to our example security groups.
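The point of the lesson is that a security group should open only the ports the web server is meant to serve (here, HTTP and HTTPS) and leave everything else closed to the internet. The following audit script is an added example, not part of the course; it reads a document shaped like the JSON that `aws ec2 describe-security-groups` returns and flags every ingress rule that is open to the whole internet (0.0.0.0/0 or ::/0) on a port that is not an intended public port. The group IDs, names and rules in the sample document are constructed for the example and do not refer to real AWS resources.

```python
"""Audit EC2 security group ingress rules for unintended internet exposure.

The input follows the shape of `aws ec2 describe-security-groups` output
(SecurityGroups -> IpPermissions). The sample document below is constructed
for this example; the group IDs are placeholders, not real resources.
"""
import json

# Ports the web server is meant to expose to the public internet.
PUBLIC_WEB_PORTS = {80, 443}

# CIDRs that mean "anywhere on the internet" (IPv4 and IPv6).
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the describe-security-groups output shape.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0example0web",
            "GroupName": "web-server-sg",
            "IpPermissions": [
                # Intended: HTTP and HTTPS from anywhere.
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
                # Not intended: SSH left open to the world (the "unfiltered cable").
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupId": "sg-0example0db",
            "GroupName": "database-sg",
            "IpPermissions": [
                # Good pattern: only members of the web tier's group reach the DB port.
                {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                 "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0example0web"}]},
                # Bad: all protocols and ports ("-1") from any IPv6 address.
                {"IpProtocol": "-1", "IpRanges": [],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            ],
        },
    ]
})


def _port_range(rule):
    """Return (from, to) for a rule; IpProtocol "-1" means every port."""
    if rule.get("IpProtocol") == "-1":
        return (0, 65535)
    return (rule["FromPort"], rule["ToPort"])


def find_overexposed_rules(describe_json, public_ports=PUBLIC_WEB_PORTS):
    """Return findings for ingress rules open to the whole internet on ports
    outside public_ports. Each finding is
    (group_id, group_name, protocol, from_port, to_port, cidr)."""
    doc = json.loads(describe_json)
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if c in ANYWHERE]
            if not open_cidrs:
                continue  # limited to specific CIDRs or to other security groups
            lo, hi = _port_range(rule)
            # Acceptable only if every port the rule opens is an intended public port.
            if all(p in public_ports for p in range(lo, hi + 1)):
                continue
            for cidr in open_cidrs:
                findings.append((sg["GroupId"], sg["GroupName"],
                                 rule["IpProtocol"], lo, hi, cidr))
    return findings


if __name__ == "__main__":
    for gid, name, proto, lo, hi, cidr in find_overexposed_rules(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{gid} ({name}): {proto} ports {lo}-{hi} open to {cidr}")
```

Run against the sample, the script reports the SSH rule on `web-server-sg` and the all-traffic IPv6 rule on `database-sg`, while the 80/443 rules and the group-to-group database rule pass. To audit a real account, pipe the output of `aws ec2 describe-security-groups` into `find_overexposed_rules` in place of the constructed sample.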
