To create a new security group, the following information must be provided:
Security Groups are essentially firewalls for EC2 servers. It defines which ports are opened in Amazon's firewall to allow incoming connections to your instance. When you launch an EC2 server, you must assign it at least one security group. Amazon security groups are EC2 region-specific (i.e. You cannot assign a server in EC2-EU a security group that you defined in EC2-US). In order for servers to communicate with one another, you must assign them the same security group(s). You can also assign multiple security groups to a single server to create an additional layer of security. For example, you might not want your frontend load balancers to have the same level of access to your database as your application servers. Therefore, you create and assign one security group that allows the load balancers to communicate with your application servers, while a different security group allows the application servers to communicate with your database servers.
Security groups are especially useful if you have multiple deployments that require different levels of accessibility. For example, you might want to create separate security groups for public and private deployments. The "Production" deployment will be accessible to the public and have ports 22 and 80 open, whereas the "Staging" deployment is used for internal development/testing and should be closed to the public.
All security groups must have port 22 open in order to support root level access to your machine via ssh. Port 80 needs to be open in order to make the web server open to the public. If you need SSL, you will need to add port 443. If there are other services that need to be publicly accessible, you'll also need to create the appropriate open ports. Use CIDR notation to control the range of IP addresses that will be allowed access. 0.0.0.0/0 (default) allows access to any IP address whereas 0.0.0.0/32 denies access to all IP addresses.
Note: You can only create a security group with a Developer or Premium account.Clouds > AWS Region > EC2 Security Groups > Index
View or edit basic information about the security group including who created the security group and its current open port settings. If you need SSL, you will need to add port 443. If there are other services that need to be publicly accessible, you'll also need to create the appropriate open ports. Use CIDR notation to control the range of IP addresses that will be allowed access. 0.0.0.0/0 (default) allows access to any IP address whereas 0.0.0.0/32 denies access to all IP addresses. Specify the following settings for your security group:
If you wish to deny access, simply revoke (delete/remove) the permission. You can also add a group, where the permissions that are defined in the other security group will be inherited. Simply specify the name of an existing security group (within the same EC2 region). But be careful--any changes to the added group will take immediate effect. Therefore, it's better to manage permissions by assigning multiple security groups to a server instead of nesting security group permissions within each other.
Note: You cannot launch an instance that references a deleted security group.Clouds > AWS Region > EC2 Security Groups > Show
Delete - Delete the Security Group from the account. Fields
Timestamp - A timestamp of when the action was performed. Date and time are based upon the time zone that's defined in your user settings (Settings > User > Preferences). Click a timestamp to highlight any audit entries that were created at the particular time.
© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.