AWS: Creating an security group for access.
Amazon provided Security groups which acts as a firewall for associated instances, controlling both the in and outbound traffic at the instance level. We much add rules to the security group that enables you to connect to our instances from the IP address using for RDP. We can also add rules that allow in/ out bout of HTTP and HTTPS access from anywhere.
Note: If we plan to launch instances in multiple regions we needed to create a security group in each region.
Prerequisites: We need the public IP address of all the local computers from which we want to use this service.
To Create a security group with least privileges.
a). Open the Amazon EC2 console.
b). From the navigation bar, select a region for the security group. Security groups are specific to a region, so you should select the same region in which you created your key pair.
c). Select a region
d). Click Security Groups in the navigation pane.
e). Click Create Security Group.
f). Enter a name for the new security group and a description. Choose a name that is easy for you to remember, such as your IAM user name, followed by _SG, plus the region name. For example, My_Test_SG. In the VPC list, select your VPC. If you have a default VPC, it's the one that is marked with an asterisk (*).
h). On the Inbound tab, create the following rules (click Add Rule for each new rule), and then click Create:
i) Select HTTPS from the Type list, and make sure that the Source is set to Anywhere (0.0.0.0 /0).
j) Click on Outbound Select RDP from the Type list. In the Source box, ensure Custom IP is selected, and specify the public IP address of your computer or network in CIDR notation. To specify an individual IP address in CIDR notation, add the routing prefix /32. For example, if your IP address is 183.82.39.215, specify 183.82.39.215/32. If your company allocates addresses from a range, specify the entire range, such as 183.82.39.215/24.
Note: For security reasons, we don't recommend that you allow RDP access from all IP addresses (0.0.0.0 /0) to your instance, except for testing purposes and only for a short time.
Please comment and suggestions are always welcome.
Keywords: AWS Account, IAM, VPC, Security Group, Security Key Pair, Creating New account, Security AWS
Comments
Post a Comment