Review Amazon VPC Security Configuration
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Security groups for EC2-VPC have separate limits. Your VPC can be enabled for IPv6. You can add rules to your VPC security groups to enable inbound and outbound IPv6 traffic.
For VPC security groups, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.
For each rule, you specify the following:
- Protocol: The protocol to allow. The most common protocols are 6 (TCP), 17 (UDP), and 1 (ICMP).
- Port range: For TCP, UDP, or a custom protocol, the range of ports to allow. You can specify a single port number (for example, `22`) or a range of port numbers (for example, `7000-8000`).
- ICMP type and code: For ICMP, the ICMP type and code.
- Source or destination: The source (inbound rules) or destination (outbound rules) for the traffic. Specify one of these options:
  - An individual IPv4 address. You must use the `/32` prefix length; for example, `203.0.113.1/32`.
  - (VPC only) An individual IPv6 address. You must use the `/128` prefix length; for example, `2001:db8:1234:1a00::123/128`.
  - A range of IPv4 addresses, in CIDR block notation; for example, `203.0.113.0/24`.
  - (VPC only) A range of IPv6 addresses, in CIDR block notation; for example, `2001:db8:1234:1a00::/64`.
  - (VPC only) The prefix list ID for the AWS service; for example, `pl-1a2b3c4d`.
  - Another security group. This allows instances associated with the specified security group to access instances associated with this security group. This does not add rules from the source security group to this security group. You can specify one of the following security groups:
    - The current security group.
    - EC2-Classic: A different security group for EC2-Classic in the same region.
    - EC2-Classic: A security group for another AWS account in the same region (add the AWS account ID as a prefix; for example, `111122223333/sg-edcd9784`).
    - EC2-VPC: A different security group for the same VPC or a peer VPC in a VPC peering connection.
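To make the rule grammar above concrete, here is an added example that is not part of the original page and not AWS tooling: a small Python audit that validates source CIDRs the way the rules require (an explicit `/32` or `/128` for a single address) and flags inbound rules whose source is `0.0.0.0/0` or `::/0`. Because responses to allowed inbound traffic flow out regardless of outbound rules, the audit looks only at ingress. The rule records are constructed for the example and follow the field names of the `IpPermissions` entries that `aws ec2 describe-security-groups` returns (`IpProtocol`, `FromPort`, `ToPort`, `IpRanges`, `Ipv6Ranges`, `UserIdGroupPairs`); the group IDs, the `ADMIN_PORTS` table and the severity labels are the example's own choices.

```python
import ipaddress

# Protocol identifiers as they appear in security group rules. AWS accepts the
# names tcp/udp/icmp as well as the IANA numbers from the text; "-1" is the
# wildcard for all protocols.
PROTOCOLS = {"6": "tcp", "tcp": "tcp", "17": "udp", "udp": "udp",
             "1": "icmp", "icmp": "icmp", "-1": "all"}

# Ports whose exposure to the whole internet is almost never intended
# (example's own list; extend to taste).
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}

ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")
ANY_IPV6 = ipaddress.ip_network("::/0")


def check_cidr(cidr):
    """Validate a source/destination CIDR the way the rule text requires.

    Returns None when the value is acceptable, otherwise a reason string.
    A single address must carry an explicit /32 (IPv4) or /128 (IPv6), and a
    block must not have host bits set.
    """
    if "/" not in cidr:
        return f"{cidr}: single address must use the /32 or /128 prefix length"
    try:
        ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return f"{cidr}: not a valid CIDR block (host bits set or malformed)"
    return None


def port_range(perm):
    """Return (low, high) for a TCP/UDP rule, or None when the rule is
    protocol-wide (IpProtocol -1) or ICMP, where FromPort/ToPort carry the
    ICMP type and code rather than ports."""
    proto = PROTOCOLS.get(str(perm["IpProtocol"]), perm["IpProtocol"])
    if proto not in ("tcp", "udp"):
        return None
    return perm["FromPort"], perm["ToPort"]


def audit_ingress(perm):
    """Return a list of (severity, message) findings for one inbound rule."""
    findings = []
    proto = PROTOCOLS.get(str(perm["IpProtocol"]), perm["IpProtocol"])
    ports = port_range(perm)
    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    # Rules whose source is another security group or a prefix list carry no
    # CIDR and are not world-open, so they produce no finding here.

    for cidr in sources:
        problem = check_cidr(cidr)
        if problem:
            findings.append(("error", problem))
            continue
        if ipaddress.ip_network(cidr) not in (ANY_IPV4, ANY_IPV6):
            continue
        # World-open source: severity depends on what the port range exposes.
        if ports is None:
            findings.append(("high", f"{proto} open to {cidr} on all ports"))
            continue
        lo, hi = ports
        exposed = sorted(name for p, name in ADMIN_PORTS.items() if lo <= p <= hi)
        span = f"port {lo}" if lo == hi else f"ports {lo}-{hi}"
        if exposed:
            findings.append(("high", f"{proto} open to {cidr} on {span} ({', '.join(exposed)})"))
        elif lo != hi:
            findings.append(("medium", f"{proto} open to {cidr} on {span}"))
        else:
            findings.append(("low", f"{proto} open to {cidr} on {span}"))
    return findings


def audit_security_group(sg):
    """Audit every inbound rule of one security group record."""
    results = []
    for perm in sg.get("IpPermissions", []):
        for severity, message in audit_ingress(perm):
            results.append((severity, f"{sg['GroupId']}: {message}"))
    return results


# Constructed sample group, not real AWS output; the IDs are placeholders.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.1/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1234:1a00::/64"}]},
        {"IpProtocol": "tcp", "FromPort": 7000, "ToPort": 8000,
         "IpRanges": [{"CidrIp": "203.0.113.1"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0other", "UserId": "111122223333"}]},
    ],
}

if __name__ == "__main__":
    for severity, message in audit_security_group(SAMPLE_GROUP):
        print(f"[{severity:6}] {message}")
```

Run against the sample, the script reports the SSH rule open to `0.0.0.0/0` as high, the two HTTPS world-open rules as low, and the bare `203.0.113.1` source as an error because it lacks the required `/32`; the `/32` SSH rule, the IPv6 `/64` block and the security-group-sourced rule produce nothing. Feeding it real data is a matter of replacing `SAMPLE_GROUP` with each element of the `SecurityGroups` list from the describe call.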