How to Update Your Amazon EC2 Security Group
Update Your Amazon EC2 Security Group
While launching an Amazon EC2 instance, determining a security group is essential to protect your cluster. A security group (SG) is nothing but a virtual firewall that restricts traffic for several EC2 instances. You can create this security group in either EC2-Classic or EC2-VPC. When launching an Amazon EC2 instance, you need to specify its security group. It allows you to choose which protocols and ports are open to computers over the internet. You can choose to use the default security group and then customize it, or you can create your own security group. Configuring a security group can be done with code or using the Amazon EC2 management console.
In the process of Launch an Instance, we created a security group that enabled HTTP over port 80. The security group allows all traffic to access the Amazon EC2 instance directly over HTTP/ 80. because of an Elastic Load Balancer. But a more secure method is, to allow only the load balancer to access your Amazon EC2 instance. In addition, because we have launched two new instances with our Auto Scaling group, we want all the instances to access the information from one database so that the information presented to the user will stay in sync. To do so, we need to set up a new rule so that the new instances can query the database on the original instance by using MySQL. In this task, you will update your security group to allow only the load balancer to access your Amazon EC2 instance, over HTTP/ 80 and allow only the instances inside the webappsecuritygroup to accept inbound traffic over 3306/ MySQL. There are several ways you can set up your database, including setting up a dedicated database server or using Amazon RDS. Setting up a database is beyond the scope of this document. For more information about setting up Amazon RDS for your web application, go to Step 8: Add Amazon RDS inside the Getting Started Guide Web Application Hosting for Linux.
Things to be considered:
- A security group’s permission includes rules that apply to IP protocols.
- Once a security group’s name is specified, it cannot be changed.
- You must assign each server to at least one server group.
- Assign different security groups for different deployments in your Dashboard.
Configuring your security group:
- Open the Amazon EC2 console at https:// console.aws.amazon.com/ ec2/.
- In the Navigation pane, in the Region list, click US East (Virginia).
- In the Navigation pane, click Security Groups.
- On the Security Groups page, click the security group webappsecuritygroup that you created in the previous procedure.
- Under Security Group, click the Inbound tab.
- In the row that displays port 80 (HTTP), click Delete.
- In the Create a new rule list, click HTTP.
- In the Source box, type amazon-elb/ amazon-elb-sg. This is the name of the security group that AWS assigns to the Elastic Load Balancer. Click Add Rule.
- In the create a new rule drop-down box, click MYSQL.
- In the source box, type webappsecuritygroup. Select the security group ID for the webappsecuritygroup when it appears.
- Click add a rule.
- Click apply rule changes.
Note: The rules of this security group will be enforced when the instances that use these rules are launched.
Now that you have configured your Amazon EC2 security group, you can move on to further post Launch Amazon EC2 Instances Using Auto Scaling.
Enroll for Instructor Led Live Amazon Web Services Training