EC2 - Security groups (SGs)
- Fundamental to network security in AWS
- Only contain allow rules (there is no way to write a deny rule)
- A rule can reference its source/destination by IP (CIDR) or by another SG
- SGs act as a firewall on EC2 instances
- They regulate: access to ports, authorized IPs, inbound and outbound network control
- Can be attached to multiple instances
- Locked down to a region/VPC combination
- Since the SG lives outside the EC2 instance, the instance won't see the blocked traffic, and the user will see a timeout. If the user sees "connection refused" instead, the traffic got through the SG and it's an application issue
- All inbound is blocked by default
- All outbound is authorized by default
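The rule semantics in these notes (allow-only rules, CIDR or SG references, inbound denied and outbound allowed by default, timeout vs. connection refused), modelled as an added Python evaluator. This is example code, not AWS's implementation; the SG ids and CIDRs are constructed, and SG-referenced rules are approximated by checking which SGs the peer belongs to.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    """One allow rule: protocol, port range, and a peer that is either a CIDR
    ("10.0.0.0/16") or the id of another security group ("sg-...")."""
    proto: str
    from_port: int
    to_port: int
    peer: str

def default_outbound():
    # Every new SG starts with this single outbound rule: all traffic, anywhere.
    return [Rule("all", 0, 65535, "0.0.0.0/0")]

@dataclass
class SecurityGroup:
    sg_id: str
    inbound: list = field(default_factory=list)  # no rules => all inbound dropped
    outbound: list = field(default_factory=default_outbound)

def _matches(rule, proto, port, peer_ip, peer_sgs):
    if rule.proto not in ("all", proto):
        return False
    if not rule.from_port <= port <= rule.to_port:
        return False
    if rule.peer.startswith("sg-"):  # rule references another security group
        return rule.peer in peer_sgs
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.peer)

def allowed(sg, direction, proto, port, peer_ip, peer_sgs=()):
    """Allow-only evaluation: traffic passes iff some rule matches.
    There are no deny rules, so no match simply means the packet is dropped."""
    rules = sg.inbound if direction == "in" else sg.outbound
    return any(_matches(r, proto, port, peer_ip, peer_sgs) for r in rules)

def client_symptom(sg, port, peer_ip, peer_sgs=(), app_listening=True):
    """What the client observes: the SG drops silently (timeout), whereas a host
    that is reachable but has nothing listening answers with connection refused."""
    if not allowed(sg, "in", "tcp", port, peer_ip, peer_sgs):
        return "timeout"
    return "connected" if app_listening else "connection refused"

# Constructed example: a web tier that accepts HTTPS only from the load
# balancer's SG and SSH only from a corporate range (ids and CIDRs made up).
web_sg = SecurityGroup("sg-web", inbound=[
    Rule("tcp", 443, 443, "sg-alb"),
    Rule("tcp", 22, 22, "203.0.113.0/24"),
])
```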