Note: Please go to docs.rightscale.com to access the current RightScale documentation set.

EC2 Security Groups

Overview

Security groups are essentially firewalls for EC2 servers. A security group defines which ports are opened in Amazon's firewall to allow incoming connections to your instance. When you launch an EC2 server, you must assign it at least one security group. Amazon security groups are EC2 region-specific (i.e., you cannot assign a server in EC2-EU a security group that you defined in EC2-US). In order for servers to communicate with one another, you must assign them the same security group(s). You can also assign multiple security groups to a single server to create an additional layer of security. For example, you might not want your frontend load balancers to have the same level of access to your database as your application servers. Therefore, you create and assign one security group that allows the load balancers to communicate with your application servers, while a different security group allows the application servers to communicate with your database servers.

Security groups are especially useful if you have multiple deployments that require different levels of accessibility. For example, you might want to create separate security groups for public and private deployments. The "Production" deployment will be accessible to the public and have ports 22 and 80 open, whereas the "Staging" deployment is used for internal development/testing and should be closed to the public.

All security groups must have port 22 open in order to support root-level access to your machine via SSH. Port 80 needs to be open in order to make the web server open to the public. If you need SSL, you will need to add port 443. If there are other services that need to be publicly accessible, you'll also need to open the appropriate ports. Use CIDR notation to control the range of IP addresses that will be allowed access. 0.0.0.0/0 (default) allows access from any IP address, whereas 0.0.0.0/32 denies access to all IP addresses.
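The CIDR behaviour described above, as an added example that is not part of the original RightScale documentation: a small Python model that evaluates which source addresses a set of ingress rules admits and lists the ports a group leaves open to 0.0.0.0/0. The group names, rules and addresses are constructed sample data, and `Rule`, `is_allowed` and `world_open` are hypothetical helpers, not a RightScale or AWS API.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    port: int   # single TCP port, as in the page's examples (22, 80, 443)
    cidr: str   # allowed source range in CIDR notation


# Constructed sample groups modelled on the page's "Production" and
# "Staging" deployments; the addresses are documentation ranges.
GROUPS = {
    "production": [Rule(22, "0.0.0.0/0"), Rule(80, "0.0.0.0/0"),
                   Rule(443, "0.0.0.0/0")],
    "staging": [Rule(22, "203.0.113.0/24"), Rule(80, "0.0.0.0/32")],
}


def rule_matches(rule, src_ip, port):
    """True when src_ip falls inside the rule's CIDR range on that port."""
    network = ipaddress.ip_network(rule.cidr)
    return port == rule.port and ipaddress.ip_address(src_ip) in network


def is_allowed(group_names, src_ip, port):
    """Evaluate an inbound connection against every group on a server.

    EC2 security group rules are allow-only, so the effective policy of a
    server with several groups is the union of all their rules.
    """
    return any(rule_matches(rule, src_ip, port)
               for name in group_names
               for rule in GROUPS[name])


def world_open(group_name, expected_public=(80, 443)):
    """Ports reachable from 0.0.0.0/0 that are not in expected_public."""
    return sorted(rule.port for rule in GROUPS[group_name]
                  if ipaddress.ip_network(rule.cidr).prefixlen == 0
                  and rule.port not in expected_public)


if __name__ == "__main__":
    outsider = "198.51.100.7"  # constructed address outside 203.0.113.0/24
    print("production :80 ", is_allowed(["production"], outsider, 80))
    print("staging    :80 ", is_allowed(["staging"], outsider, 80))
    print("staging    :22 ", is_allowed(["staging"], outsider, 22))
    print("both groups:22 ", is_allowed(["staging", "production"], outsider, 22))
    print("world-open ports to review:", world_open("production"))
```

Because rules from all assigned groups are combined, adding the "production" group to a staging server re-opens port 22 to every source address, which is what the fourth check shows.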

Note: You can only create a security group with a Developer or Premium account.

Clouds > AWS Region > EC2 Security Groups > Index

Important!

If you are on a UCP account (Unified Cloud Platform), you will need to create security groups within the network manager. For more information, see Networks.

Last modified
15:05, 25 Sep 2013

© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.