Amazon Web Services: Security Groups

Security is an element of infrastructure configuration that is very often overlooked. Administrators often focus on delivering functionality and meeting requirements and neglect securing the infrastructure against attacks, trusting that it will probably be fine. However, basic security does not require sophisticated mechanisms or solutions… But let us start from the beginning.

Filtering network traffic

AWS: Security Groups

Security Groups configuration

Example using Terraform

resource "aws_security_group" "web-sg" {
  name        = "web-sg"
  vpc_id      = aws_vpc.vpc.id
  description = "Allow incoming WEB connections"

  # Terraform 0.12 and later expect tags as a map argument
  tags = {
    Name = "web-sg"
  }

  # Allow incoming SSH (0.0.0.0/0 matches every IPv4 address)
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow incoming HTTP
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow incoming HTTPS
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow incoming ICMP (-1 means all ICMP types and codes)
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outgoing traffic (protocol "-1" means every protocol)
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
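
A tighter variant of the group above, as an added example that is not part of the original article: HTTP and HTTPS stay public, while SSH is limited to one administrative range. The variable admin_cidr and the name web-sg-restricted are assumptions made for this illustration; aws_vpc.vpc is the VPC referenced in the article's example.

```hcl
# Added example. admin_cidr and web-sg-restricted are hypothetical names.
variable "admin_cidr" {
  type        = string
  description = "Range administrators connect from (office or VPN)"

  # Reject malformed input and the all-addresses block at plan time
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR block other than 0.0.0.0/0."
  }
}

resource "aws_security_group" "web-sg-restricted" {
  name        = "web-sg-restricted"
  vpc_id      = aws_vpc.vpc.id
  description = "Public HTTP/HTTPS, SSH from the admin range only"

  # SSH is reachable only from the administrative range
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # HTTP and HTTPS remain open to everyone; one rule is generated per port
  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  # No ICMP rule here: anything without a matching ingress rule is dropped
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Security groups are stateful, so replies to allowed inbound connections pass without a matching rule in the other direction.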

Summary
