Skip to main content

AWS: Security Groups through CLI


Prerequisite:
Knowledge of AWS EC2 and it's security groups.
How to install and configure AWS CLI.

Here are some important points to remember about AWS security groups.
  • AWS security groups are instance level security measure. 
  • A security group can have several instances in it. It acts as a virtual firewall for them. 
  • They let you define rules for allowing inbound and outbound traffic. Please not that you can only allow but can not explicitly deny traffic from an particular host or range of IPs (that can be done with help of NACLs).
  • Rules can be added and removed at any time and will be effective immediately (or in a very short interval). 
  • Security groups are state-full, which means any request that goes outside it's response is allowed inside, no matter what the outbound rules are.
  • All the rules are processed before allowing any traffic. 
  • In a custom security group all outbound traffic is allowed and all inbound traffic is blocked.
Below steps explains you to create a security group through amazon CLI. 

1) Create a new security group
Once you are inside window's powershell and AWS CLI is configured, use below command

aws ec2 create-security-group --group-name CLIGroup --description "Testing"

Group name and description are mandatory attributes. If you need it in particular VPC --vpc-id can be used. Group name has to be unique or else it will give error. Output will provide the id of newly created group.

2) Add inbound rule

To add inbound rules use

aws ec2 authorize-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0


aws ec2 authorize-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 443 --cidr 0.0.0.0/16

As the commands states these will authorize traffic through tcp port 22 (ssh) from cidr range 0.0.0.0/0 and through port 443 (https) from 0.0.0.0/16

* ingress means incoming

3) Add outbound rule

To add outbound rules use

aws ec2 authorize-security-group-egress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0

By default all outbound traffic is allowed, but we can delete that rule and allow only specific port open to interact with.

4) Delete a rule

Simply use revoke instead of authorize. Remember to mention exact same details.

aws ec2 revoke-security-group-ingress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0

aws ec2 revoke-security-group-egress --group-id sg-0e905383785119273 --protocol tcp --port 22 --cidr 0.0.0.0/0

Here is the complete result. I did not run the revoke commands. 

5) Delete the security group

Finally to delete security group use

aws ec2 delete-security-group --group-id sg-0e905383785119273

It won't give any out but will delete the complete security group.

I hope this help. Please try and do let me know your experience and issues on the way. Happy learning.


Comments

Popular posts from this blog

Chocolate and Me...

This post has been published by me as a part of the Blog-a-Ton 53; the fifty-third edition of the online marathon of Bloggers; where we decide and we write. In association with ​Soulmates: Love without ownership by Vinit K Bansal. To be part of the next edition, visit and start following Blog-a-Ton.
One fine morning, when the sun was bright; I was craving for chocolate, straight from night. I ran to my mother, jumped and gave her kiss, She gave me my chocolate as she promised. I was holding it tight, like the rat in eagle’s claw, Enjoying it thoroughly which my brother had saw. He came with a report card, pretending to whine, Said he’ll give me a bigger one, if I got it signed. I made my way toward the terrace for solace, After giving him my best ‘Do you think I’m stupid face’? I wave a pretentious hello to my despicable neighbor, Smiling at him, is itself a big favor. Besides failing a hundred times, he offered this time straight, ‘I’ll shower you with chocolate if you’ll agree for …

बचपन की पोटरी: किसी की मुस्कुराहटों...!

बात उन दिनों की है जब मैं तीसरी क्लास में थी और भाई दूसरी | हमे स्कूल बस पकड़ने के लिए करीब 200 मीटर चलकर गली से बाहर आना पड़ता था | ज्यादातर मैं और भाई अकेले ही चले जाते थे, पर कोशिश रोज़ होती के पापा हमे छोड़ने आये | कारण था नया नया स्टेट बैंक का एटीएम | याद है पहले हमे उसके अंदर जाने के लिए भी कार्ड स्वाइप करना होता था | जब तक बस नहीं आती हम उसी एटीएम के कमरे में घुस जाते और ऐसे रहते जैसे उन 5-10 मिनट के लिए हम उसके मालिक हों | कभी उसके केमेरे में देखकर अजीब अजीब शकल बनाते और कभी पूरे भारत में एस बी आई एटीएम की लोकेशंस प्रिंट आउट निकाल कर बैग में भर लेते | जब पापा उसमे कार्ड डालते तो राजाओं की तरह उसे पैसे निकालने का आदेश देते | कभी जब खेलने का मन नहीं होता तो हम बस कांच से बहार की दुनिया देखते रहते | जैसे हमारे लिए सब नया हो, जैसे हमे इस दुनिया के हैं ही नहीं | सुबह के सात बजे हमे हमारे छोटे से 5 मिनट के महल में कोई परेशान करने नहीं आता | हाँ महल | वरना ए सी की ठंडी हवा और कहाँ खाने मिलेगी, वो भी मुफ्त !

एक दिन सुबह बहुत ज़ोरों की बारिश हो रही थी | पापा को पिछली शाम बारिश में भीगकर घर…

"Happy Periods" aka menstral cup...!!!

Have you ever had this feeling during periods, "Why God why? Why I am a girl? Why don't boys have periods? Why can't it only happen once a year?  Why can't I just stay at home and sit at a place all day long? 😖" A few months back, I used to hate my periods. They are painful, messy and agonizing. Then somehow I switched to 'menstrual cup'. I'm not saying I love periods now, but this cup made them bearable. So here I present my story of not so bad periods.😊

I'll directly come on point.

Question no. 1: Why do I want to get rid of sanitary pads?
Phew! I got tons of reasons.
That uneasy feeling! No matter how soft they became over time, yet after an hour of use, they start killing me down there. I don't want to walk with a pad between my legs, or even stand. Many of you might feel the same way. After 3 to 4 hours it starts feeling heavy and after 6 hours, it gets this weird wetness. Above all, even when I'm not bleeding much, they keep remindi…