Questions tagged [aws-security-group]

Amazon EC2 Security Groups

Amazon EC2 security groups. A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance.

See Amazon EC2 Security Groups

820 questions
14
votes
2 answers

Why do we need a Private Subnet + NAT translation in AWS? Can't we just use a Public Subnet + a properly configured security group?

So the purpose of private subnets in AWS is for its instances to not be directly accessible from the outside world. There are however cases (successfully resisted the 'instances' pun) in which it's useful for the instances to have access to the…
14
votes
1 answer

On AWS EC2, I cannot do wget or curl, or any outbound connection

On a freshly installed EC2: The Security Group is default. "All Traffic" is ALLOWed for 0.0.0.0/0 for both Inbound and Outbound. The "Network ACL" has some limitations for inbound as we want our website on this domain to be an internal network…
12
votes
6 answers

Connection reset by peer : AWS EFS

I am trying to set up EFS and access it using EC2 instances in different availability zones. I have created a separate security group for EFS, which allows traffic for the security group attached to EC2 instances. Installed amazon-efs-utils utility…
Ashy Ashcsi
12
votes
1 answer

Terraform - Iterate and create Ingress Rules for a Security Group

I've been writing reusable modules for an AWS infrastructure. In creating a security group, my approach is to create a generic module for a security group and provide a list of ports in the control code. However, when using count it creates a…
12
votes
3 answers

AWS Security Group for RDS - Outbound rules

I have a security group assigned to an RDS instance which allows port 5432 traffic from our EC2 instances. However, this security group has all outbound traffic enabled for all traffic for all IP's. Is this a security risk? What should be the ideal…
12
votes
5 answers

Elastic Beanstalk deployment failing because of a dangling security group

When doing a deployment with Elastic Beanstalk, we got the following error: ERROR: Configuration validation exception: Invalid option value: 'sg-fdd33e89' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security…
Touko
10
votes
3 answers

CloudFormation throws "Value () for parameter groupId is invalid. The value cannot be empty" when launching EC2 instance

I was wanting to write a complete CloudFormation template for a single Linux EC2 Instance in a public subnet. I used AWS CloudFormation template for creating an EC2 Instance with a Security Group as my starting point. This template launches an…
Taterhead
10
votes
9 answers

Why can't I telnet my aws instance?

Created an AWS AMI instance. I can telnet from the instance itself telnet [Pv4 Public IP] 9200 But not from my pc. This is my security group What am I doing wrong?
Bick
10
votes
1 answer

How to describe Security Groups for a VPC?

Is there a way to describe a Security Group in a specific VPC? Here is what I am trying to run : aws ec2 describe-security-groups --group-name "" --filter Name=vpc-id,Values= But it is returning this error : A client error…
10
votes
4 answers

Is there a way to add a description for AWS Security Group rules

I have now 5 different security groups which I have tried to organize the best I can. I sometimes need to open SSH access to some instances depending on what location I am in, so I add the rules from my current IP for inbound port 22. I can get in…
Arnaud Bouchot
10
votes
1 answer

Disallowing rule in EC2 security group is not affecting already-established MongoDB connections

This is the case: Instance X is able to connect to instance Y on TCP port 27017 (allowed by EC2 security group) X has mongo shell Y has MongoDB running, accepting connection from X on port 27017 From X, use mongo shell to connect to DB instance on…
10
votes
1 answer

In AWS EC2, what does a security group with no inbound rules mean?

Does it mean that no inbound access whatsoever is allowed on the instance?
Bob Risky
9
votes
6 answers

AWS API Gateway should prevent use of TLS v1

Referring to AWS Cloudfront Documentation, AWS API Gateway supports TLS v1.0, v1.1, v1.2. But I want to limit the encryption protocols to TLS v1.1 and v1.2 for my Gateway API. Where do I configure this? I do not see any cloudfront distribution for my…
suman j
8
votes
3 answers

How to add a security group to an existing RDS with CDK without cyclic-dependency

I have a multi-stack application where I want to deploy an RDS in one stack and then in a later stack deploy a Fargate cluster that connects to the RDS. Here is how the rds gets defined: this.rdsSG = new ec2.SecurityGroup(this, `ecsSG`, { …
Coherent
8
votes
2 answers

AWS Security group vs Network ACLs

I have multiple EC2 instances in my AWS console which I wanted to make secured by adding firewall rules/policies. I read that AWS provides Network ACLs and Security Groups to achieve the same. From what I read, I got the basic idea about…