AWS Security Groups’ Best Practices

AWS Security Groups are stateful virtual firewalls attached to the network interfaces of Amazon Web Services (AWS) resources such as EC2 instances and RDS databases. They control the inbound and outbound traffic those resources can receive and send. Rules are allow-only: anything not explicitly allowed is denied, and because the groups are stateful, the reply to an allowed connection is accepted without a matching rule in the opposite direction.

AWS Security Groups

Create a small number of security groups that can be combined to produce the desired configuration for each resource. We recommend two layers: a generic group per resource type that holds the rules common to every resource of that type, and a specific group per individual resource that holds only that resource's particular rules. A resource is then attached to its generic group plus its own specific group.

Recommended security groups:

  • A generic default group for each resource type: these groups hold the rules that apply to every resource of that type, for example SSH access to EC2 instances from a fixed administration IP address, or access to the database port for administration from the same fixed administration IP.
    • ditwl-sg-rds-mariadb-def: default security group for all MariaDB RDS resources. It is specific to MariaDB because another database engine listens on a different port.
    • ditwl-sg-ec2-def: default security group for all EC2 instances. It holds the SSH access rule.
  • A specific group for each resource: one group per resource, named with a prefix that identifies the cloud and the resource type, followed by part of the resource name. Examples:
    • ditwl-aws-sg-rds-mariadb-pro-pub-01: security group for one specific MariaDB RDS instance (here the production, public instance 01).
    • ditwl-sg-ec2-pro-pub-01: security group for the WP EC2 instances (production, public, 01).

Avoid creating too many groups, and do not use a CIDR block as a rule source except for the Internet (0.0.0.0/0 and ::/0) on ports that must be public, such as 80 and 443, or for a fixed administration IP. Use another security group as the source instead: a resource then gets access to other resources by being a member of a group, not by having a specific IP address that can change when an instance is replaced. Two caveats: a security group can only be referenced as a source from a group in the same VPC or in a peered VPC, so a CIDR source is sometimes unavoidable across network boundaries, and a rule that references a group does not make the traffic reachable by itself; routing and network ACLs must also allow it.
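The two-layer layout above, together with the rule of using a group rather than a CIDR as the source, written as a Terraform configuration for the AWS provider. This is an added example, not code from the original post or from the IT Wonder Lab project; the group names reuse the post's examples, while the VPC, subnets, AMI, administration IP and database password are assumed inputs chosen for illustration.

```hcl
# Added example (not from the original post). Group names follow the post;
# vpc_id, subnet inputs, AMI, admin IP and DB password are assumed values.

variable "vpc_id" { type = string }
variable "public_subnet_id" { type = string }
variable "db_subnet_group_name" { type = string }
variable "wp_ami_id" { type = string }
variable "db_password" { type = string }
variable "admin_cidr" {
  type    = string
  default = "203.0.113.10/32" # assumed fixed admin IP (TEST-NET-3 range)
}

# Generic group for all EC2 instances: SSH from the admin IP only. Inline
# ingress blocks make Terraform drop the default allow-all egress, so it is
# declared explicitly here where every instance needs outbound access.
resource "aws_security_group" "ec2_def" {
  name        = "ditwl-sg-ec2-def"
  description = "Default rules for all EC2 instances"
  vpc_id      = var.vpc_id

  ingress { # a fixed /32 is the one internal CIDR source worth keeping
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Generic group for all MariaDB RDS instances: port 3306 from the admin IP.
# Only inbound rules are needed; the group is stateful, so replies flow back.
resource "aws_security_group" "rds_mariadb_def" {
  name        = "ditwl-sg-rds-mariadb-def"
  description = "Default rules for all MariaDB RDS instances"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
}

# Specific group for the WP web instances: HTTP and HTTPS from the Internet,
# the only place 0.0.0.0/0 belongs.
resource "aws_security_group" "ec2_pro_pub_01" {
  name        = "ditwl-sg-ec2-pro-pub-01"
  description = "WP EC2 instances, production, public, 01"
  vpc_id      = var.vpc_id

  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}

# Specific group for one MariaDB instance: 3306 only from members of the WP
# group. No IP address appears; an instance gets access by carrying the group.
resource "aws_security_group" "rds_mariadb_pro_pub_01" {
  name        = "ditwl-aws-sg-rds-mariadb-pro-pub-01"
  description = "MariaDB RDS, production, public, 01"
  vpc_id      = var.vpc_id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2_pro_pub_01.id]
  }
}

# Each resource carries its generic group plus its own specific group.
resource "aws_instance" "wp_01" {
  ami                    = var.wp_ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.public_subnet_id
  vpc_security_group_ids = [aws_security_group.ec2_def.id, aws_security_group.ec2_pro_pub_01.id]
}

resource "aws_db_instance" "mariadb_01" {
  engine                 = "mariadb"
  instance_class         = "db.t3.micro"
  allocated_storage      = 20
  username               = "admin"
  password               = var.db_password
  db_subnet_group_name   = var.db_subnet_group_name
  skip_final_snapshot    = true
  vpc_security_group_ids = [aws_security_group.rds_mariadb_def.id, aws_security_group.rds_mariadb_pro_pub_01.id]
}
```

Replacing the WP instance with a new one (new private IP) needs no change to the database group, because ditwl-aws-sg-rds-mariadb-pro-pub-01 admits whatever carries ditwl-sg-ec2-pro-pub-01. The reference in `security_groups` only resolves inside the same VPC or across VPC peering; a client in an unconnected network would need a CIDR rule, which is the exception the post allows. Run `terraform validate` and `terraform plan` with the assumed variables supplied before applying.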



Javier Ruiz

IT Wonder Lab tutorials are based on the rich and diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, which was later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has more than 20 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.
