Book Image

Practical AWS Networking

By : Mitesh Soni
Book Image

Practical AWS Networking

By: Mitesh Soni

Overview of this book

Amazon Web Services (AWS) dominates the public cloud market by a huge margin and continues to be the first choice for many organizations. Networking has been an area of focus for all the leading cloud service providers. AWS has a suite of network-related products which help in performing network related task on AWS. This book initially covers the basics of networking in AWS. Then we use AWS VPC to create an isolated virtual cloud for performing network-related tasks. We then provide an overview of AWS Direct Connect after taking a deep dive into scalability and load balancing using the auto scaling feature, Elastic Load Balancing, and Amazon Route S3. Toward the end of the book, we cover troubleshooting tips and security best practices for your network. By the end of this book, you will have hands-on experience of working with network tasks on AWS.
Table of Contents (15 chapters)
Title Page
Dedication

Security groups

A security group is a virtual firewall. It manages the traffic flow from and to AWS instances. It is easy to associate a security group with instances in AWS as you can do this while creating an instance. You can assign up to five security groups at the time of launching an instance or after launching the instance. Each security group can serve one or more instances. Security groups are associated with the primary network interface (eth0) of an instance.

Each AWS account comes with a default security group for each VPC and each region. By default, instances are associated with the default security group. The default security group can't be deleted, but it allows all inbound traffic from other instances associated with the default security group and all outbound traffic from the instance.

There are some differences between security groups for EC2-Classic and EC2-VPC. You can find out more at http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#VPC_Security_Group_Differences.

Let's try and create a security group and look at what we can do:

  1. Go to the EC2 or VPC dashboard via Network & SecuritySecurity Groups and click on Create Security Group.
  2. Provide a Security group name and select the VPC that the security group belongs to.
  3. You need to configure security rules for inbound and outbound traffic. Based on these rules, traffic is controlled with the use of a security group in AWS. By default, a security group includes an outbound rule that allows all outbound traffic:
  1. Click on Add Rule and select Type, Protocol, Port Range, Source, and Description.
  2. You can create one or multiple rules based on your requirements:
  1. Click on Create and verify the security group in the EC2 Dashboard or VPC Dashboard.

If the instance or the web server is not accessible via PuTTY or a web browser, then you need to troubleshoot the issue. To do this, you need to figure out whether everything is fine with the security group and whether the appropriate rules have been configured or not.

If you change the inbound or outbound traffic rules, then they will be applied to the instances immediately.