Create a Security Group for Linux Instance

Creating a Security Group for Your Linux Instance

ℹ️ Information: Security groups act as virtual firewalls that control the traffic allowed to and from your EC2 instances. In this section, we’ll create a security group specifically configured for Linux instances with the necessary ports for common Linux workloads.

Step 1: Navigate to Security Groups

  1. Sign in to the AWS Management Console
    • In the search bar, type VPC
    • Select VPC from the services list
    • In the navigation pane, click Security Groups

Step 2: Create a Security Group

  1. Click Create security group and configure the basic details:

    • Security group name: Enter Linux-SG
    • Description: Enter Security group for Linux instance
    • VPC: Select the previously created Linux-vpc from the dropdown

    Configure security group basics

Step 3: Configure Inbound Rules

  1. In the Inbound rules section, click Add rule to add the following rules:

    • SSH (TCP/22): For secure shell access to your instance
    • All ICMP-IPv4: For ping and network diagnostics
    • All ICMP-IPv6: For IPv6 network diagnostics
    • HTTP (TCP/80): For web server traffic
    • HTTPS (TCP/443): For secure web traffic
    • MySQL/Aurora (TCP/3306): For database connectivity
    • Custom TCP (TCP/5000): For Node.js applications

🔒 Security Note: When configuring security group rules, always follow the principle of least privilege by only opening ports that are necessary for your application to function. In production environments, you should restrict traffic sources whenever possible rather than allowing access from any IP address (0.0.0.0/0).

💡 Pro Tip: For each rule, you need to specify the following information:

  • Name: A name for the rule (up to 255 characters, including a–z, A–Z, 0–9, spaces, and ._-:/()#,@[]+=;{}!$*)
  • Protocol: The allowed protocol (TCP, UDP, ICMP)
  • Port range: For TCP/UDP, specify a single port (e.g., 22) or a port range (e.g., 7000–8000)
  • Source: The allowed traffic source, which can be:
    • A single IPv4 address (e.g., 203.0.113.1/32)
    • A single IPv6 address (e.g., 2001:db8:1234:1a00::123/128)
    • An IP address range in CIDR notation (e.g., 203.0.113.0/24)
    • A prefix list ID (e.g., pl-1234abc1234abc123)

    Configure inbound rules
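The Step 3 rule set together with the security note's least-privilege advice, as an added Python example that is not part of this tutorial: it builds the seven rules in the IpPermissions shape that boto3's authorize_security_group_ingress accepts, restricts SSH, MySQL/Aurora and the application port to an admin range instead of 0.0.0.0/0, and audits the result for any non-web port still open to the world. ADMIN_CIDR and the group ID are placeholders, and the AWS call is only made when apply_ingress is invoked with real credentials.

```python
# Added example, not from the tutorial: the Step 3 inbound rules as the
# IpPermissions list boto3's authorize_security_group_ingress takes, plus an
# audit for the least-privilege problem the security note describes.
ADMIN_CIDR = "203.0.113.0/24"  # placeholder: your own admin/office range
WEB_PORTS = {80, 443}          # the only ports expected open to the world


def tcp_rule(port: int, cidr: str, description: str) -> dict:
    """One single-port TCP ingress rule."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr, "Description": description}]}


def build_linux_sg_ingress(admin_cidr: str = ADMIN_CIDR) -> list:
    """The seven Step 3 rules; SSH, MySQL and the app port take admin_cidr
    instead of 0.0.0.0/0, as the security note recommends."""
    return [
        tcp_rule(22, admin_cidr, "SSH from admin range"),
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "All ICMP-IPv4"}]},
        {"IpProtocol": "icmpv6", "FromPort": -1, "ToPort": -1,
         "Ipv6Ranges": [{"CidrIpv6": "::/0", "Description": "All ICMP-IPv6"}]},
        tcp_rule(80, "0.0.0.0/0", "HTTP"),
        tcp_rule(443, "0.0.0.0/0", "HTTPS"),
        tcp_rule(3306, admin_cidr, "MySQL/Aurora from admin range"),
        tcp_rule(5000, admin_cidr, "Node.js app from admin range"),
    ]


def world_open_rules(permissions: list) -> list:
    """(protocol, port, source) for each TCP/UDP rule that admits any address
    on a port other than HTTP/HTTPS. ICMP is skipped: it is open by design."""
    findings = []
    for perm in permissions:
        if perm["IpProtocol"] not in ("tcp", "udp"):
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if src in ("0.0.0.0/0", "::/0") and perm["FromPort"] not in WEB_PORTS:
                findings.append((perm["IpProtocol"], perm["FromPort"], src))
    return findings


def apply_ingress(group_id: str, permissions: list) -> None:
    """Push the rules to AWS (needs boto3 and credentials, so not called here)."""
    import boto3  # real library, imported lazily so the audit runs offline
    boto3.client("ec2").authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=permissions)
```

Running world_open_rules on the default rule set returns an empty list; calling build_linux_sg_ingress("0.0.0.0/0") reproduces the console default and the audit then flags ports 22, 3306 and 5000.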

Step 4: Configure Outbound Rules and Tags

  1. For Outbound rules, the default allows all outbound traffic, which is typically acceptable for most use cases

  2. In the Tags section:

    • Add appropriate key-value pairs to help identify and organize your security group
    • Common tags include Name, Environment, Project, etc.

  3. Click Create security group to complete the process

    Configure outbound rules and tags

💡 Pro Tip: Use descriptive tags for your security groups to make them easier to identify when you have multiple security groups across different environments.

Security group creation confirmation