How Do I Build an AWS EC2 Security Group Rule?
Introduction
When managing cloud infrastructure on AWS, ensuring the security of your EC2 instances is a top priority. Security groups serve as stateful virtual firewalls, regulating both inbound and outbound traffic to your instances. A security group holds only allow rules: traffic that matches no rule is dropped, so the rules you define determine exactly which traffic is permitted, and return traffic for an allowed connection is accepted automatically. This guide will walk you through the process of creating a security group and configuring its rules using TypeScript and Pulumi.
Step-by-Step Process to Create Security Group Rules
- Define the Security Group: Start by creating a security group that will manage traffic to and from your EC2 instances. In this example, the security group is named example-security-group and is configured to allow both HTTP and SSH access.
- Set Egress Rules: Establish rules for outbound traffic. Here, we allow all outbound traffic with an egress rule whose CIDR block is 0.0.0.0/0, which means traffic can be sent to any IPv4 address. AWS attaches an allow-all egress rule to every new security group, but the Pulumi AWS provider removes it, so an egress rule has to be declared explicitly if your instances need to reach the internet.
- Configure Ingress Rules: Define rules for inbound traffic to specify which types of traffic are permitted to enter. In this example, we create two ingress rules:
  - Allow HTTP traffic on port 80 from any IPv4 address.
  - Allow SSH traffic on port 22 from any IPv4 address. This keeps the walkthrough short; before using it in production, restrict the SSH source to your administrative CIDR ranges, or drop the rule entirely and reach instances through AWS Systems Manager Session Manager.
- Export the Security Group ID: Finally, export the security group ID for use in other parts of your infrastructure configuration.
Example: Creating an AWS EC2 Security Group and Security Group Rules
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define a security group to allow HTTP and SSH access.
// Every rule is attached below as a standalone SecurityGroupRule resource.
// The provider documentation warns against combining inline ingress/egress
// blocks on the SecurityGroup with SecurityGroupRule resources for the same
// group, because the two then overwrite each other's rule set.
const example = new aws.ec2.SecurityGroup("example", {
    name: "example-security-group",
    description: "Allow SSH and HTTP",
    vpcId: "vpc-123456", // replace with the ID of the target VPC
});

// Allow all outbound traffic. AWS adds an allow-all egress rule to every new
// group, but the provider strips it, so the rule is re-created explicitly.
// Protocol "-1" means all protocols; fromPort/toPort are then ignored and
// are conventionally set to 0.
const allowAllEgress = new aws.ec2.SecurityGroupRule("allow_all_egress", {
    type: "egress",
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    cidrBlocks: ["0.0.0.0/0"],
    securityGroupId: example.id,
});

// Allow inbound HTTP traffic on port 80 from any IPv4 address
const allowHttp = new aws.ec2.SecurityGroupRule("allow_http", {
    type: "ingress",
    fromPort: 80,
    toPort: 80,
    protocol: aws.ec2.ProtocolType.TCP,
    cidrBlocks: ["0.0.0.0/0"],
    securityGroupId: example.id,
});

// Allow inbound SSH traffic on port 22 from any IPv4 address.
// Left open here to match the walkthrough; in production replace
// 0.0.0.0/0 with your administrative CIDR ranges.
const allowSsh = new aws.ec2.SecurityGroupRule("allow_ssh", {
    type: "ingress",
    fromPort: 22,
    toPort: 22,
    protocol: aws.ec2.ProtocolType.TCP,
    cidrBlocks: ["0.0.0.0/0"],
    securityGroupId: example.id,
});

export const securityGroupId = example.id;
Key Points
- Security Group: Acts as a stateful virtual firewall for your EC2 instances; only allow rules exist, and anything not explicitly allowed is dropped.
- Egress Rule: The explicit egress rule allows all outbound traffic. It is not there by default: the provider removes the allow-all rule AWS adds to a new group, so without it the instances could not initiate any outbound connection.
- Ingress Rules: Specifically allow HTTP on port 80 and SSH on port 22 from 0.0.0.0/0; the SSH source should be narrowed to administrative ranges before production use.
- Exporting: The security group ID is exported for further use.
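The SSH rule in the walkthrough is reachable from the entire internet, which is the most common security group misconfiguration found in cloud audits. The following is an added example, not code from the original page or from the Pulumi AWS provider: a small pre-deploy check in plain TypeScript, with no Pulumi dependency, that walks a list of rule definitions shaped like the arguments of aws.ec2.SecurityGroupRule and reports ingress rules that expose administrative ports to the whole internet. It treats protocol "-1" as every port and recognises both the IPv4 and IPv6 anywhere blocks. The port list, the rule names, and the 203.0.113.0/24 administrative range are assumptions made for illustration, and the sample rule set is constructed here.

```typescript
// Rule shape mirroring the arguments used with aws.ec2.SecurityGroupRule.
interface SecurityGroupRuleSpec {
    name: string;
    type: "ingress" | "egress";
    protocol: string;        // "tcp", "udp", "icmp", or "-1" for all protocols
    fromPort: number;
    toPort: number;
    cidrBlocks?: string[];
    ipv6CidrBlocks?: string[];
}

interface Finding {
    rule: string;
    reason: string;
}

const ANYWHERE_V4 = "0.0.0.0/0";
const ANYWHERE_V6 = "::/0";

// Ports that must never be reachable from the whole internet
// (assumed policy for this example: SSH, RDP, MySQL, PostgreSQL).
const ADMIN_PORTS: readonly number[] = [22, 3389, 3306, 5432];

// True when any source block of the rule is the IPv4 or IPv6 "anywhere" range.
function isOpenToWorld(rule: SecurityGroupRuleSpec): boolean {
    return (rule.cidrBlocks ?? []).includes(ANYWHERE_V4)
        || (rule.ipv6CidrBlocks ?? []).includes(ANYWHERE_V6);
}

// True when the rule's port range includes the given port. Protocol "-1"
// means all protocols and therefore all ports, whatever fromPort/toPort say.
function coversPort(rule: SecurityGroupRuleSpec, port: number): boolean {
    if (rule.protocol === "-1") {
        return true;
    }
    return rule.fromPort <= port && port <= rule.toPort;
}

// Walk the rule set and report ingress rules that expose an admin port, or
// every port, to the whole internet. Egress rules and ingress rules with a
// narrow source produce no finding.
function findRiskyIngress(rules: SecurityGroupRuleSpec[]): Finding[] {
    const findings: Finding[] = [];
    for (const rule of rules) {
        if (rule.type !== "ingress" || !isOpenToWorld(rule)) {
            continue;
        }
        if (rule.protocol === "-1") {
            findings.push({ rule: rule.name, reason: "all protocols and ports open to the internet" });
            continue;
        }
        const exposed = ADMIN_PORTS.filter((p) => coversPort(rule, p));
        if (exposed.length > 0) {
            findings.push({ rule: rule.name, reason: `port(s) ${exposed.join(", ")} open to the internet` });
        }
    }
    return findings;
}

// Constructed sample rule set: the page's HTTP and SSH rules, a hardened SSH
// rule limited to an assumed admin range, an over-broad IPv6 rule, and the
// allow-all egress rule.
const sampleRules: SecurityGroupRuleSpec[] = [
    { name: "allow_http", type: "ingress", protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: [ANYWHERE_V4] },
    { name: "allow_ssh", type: "ingress", protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: [ANYWHERE_V4] },
    { name: "allow_ssh_admin", type: "ingress", protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["203.0.113.0/24"] },
    { name: "allow_all_tcp_v6", type: "ingress", protocol: "tcp", fromPort: 0, toPort: 65535, ipv6CidrBlocks: [ANYWHERE_V6] },
    { name: "allow_all_egress", type: "egress", protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: [ANYWHERE_V4] },
];

for (const f of findRiskyIngress(sampleRules)) {
    console.log(`${f.rule}: ${f.reason}`);
}
```

Run it over your rule definitions before pulumi up, or lift the same logic into a Pulumi CrossGuard policy pack so the check runs on every deployment. The check does not normalize numeric protocol identifiers such as "6" for TCP, which AWS also accepts, so rules written that way would need to be mapped to their names first.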
Conclusion
In this guide, we demonstrated how to create and configure an AWS EC2 security group with specific rules for HTTP and SSH access. By following these steps, and by narrowing the SSH source to your administrative ranges before production use, you can effectively manage traffic to your EC2 instances, ensuring that only authorized traffic is permitted. This not only enhances security but also helps maintain the integrity of your cloud environment.