{"id":17359,"date":"2016-12-11T10:28:30","date_gmt":"2016-12-11T10:28:30","guid":{"rendered":"https:\/\/www.whizlabs.com\/?p=17359"},"modified":"2024-04-29T12:36:38","modified_gmt":"2024-04-29T07:06:38","slug":"aws-ingress-egress","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/aws-ingress-egress\/","title":{"rendered":"AWS Certification: Ingress vs. Egress Filtering (AWS Security Groups)"},"content":{"rendered":"<p>We have launched the <a href=\"http:\/\/whizlabs.com\/aws-solutions-architect-associate\/\" target=\"_blank\" rel=\"noopener\">AWS Certified Solutions Architect Associate<\/a> certification exam, which is the basic level of <strong>AWS certifications<\/strong>. As part of our AWS certification training, we have started writing about important topics that are useful for <a href=\"https:\/\/www.whizlabs.com\/blog\/aws-certified-solutions-architect-associate\/\" title=\"How to prepare for AWS Certified Solutions Architect Associate certification exam?\">preparing for the AWS certification exams<\/a>. In this article, we are writing about Ingress vs Egress; these topics are part of security in Amazon Web Services (AWS). 
Here is a snapshot of the <a href=\"https:\/\/d0.awsstatic.com\/training-and-certification\/docs-sa-assoc\/AWS_certified_solutions_architect_associate_blueprint.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">exam blueprint<\/a>.<\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/ingress-engress.png\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/ingress-engress.png\" alt=\"Ingress and Egress Security groups in aws\" width=\"669\" height=\"345\" class=\"aligncenter size-full wp-image-17410\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_are_AWS_Security_groups\"><\/span><span lang=\"EN-US\">What are AWS Security groups?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/aws-certified-security-groups-ingress-egress.png\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/aws-certified-security-groups-ingress-egress.png\" alt=\"How to create AWS Security Groups?\" width=\"714\" height=\"336\" class=\"aligncenter  wp-image-17415\" \/><\/a><\/p>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">In AWS, security groups are a security layer that can be applied to EC2 instances. Security groups consist of rules that allow traffic to and from the EC2 instances. These rules are divided into the following two categories:<\/span><\/p>\n<ul style=\"text-align: justify\">\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>Inbound Rules<\/strong> \u2013 These rules control inbound traffic, also known as <strong><i>ingress<\/i><\/strong><\/span><\/li>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>Outbound Rules<\/strong> \u2013 These rules control outbound traffic, also known as <strong><i>egress<\/i><\/strong><\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify\"><span class=\"ez-toc-section\" id=\"Why_AWS_provide_Security_groups\"><\/span><span lang=\"EN-US\">Why does AWS provide Security groups?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">AWS provides these rules as an additional security barrier that protects your EC2 instances. 
It\u2019s like a firewall that can be used to protect a set of EC2 instances.<\/span><\/p>\n<p style=\"text-align: justify\"><span lang=\"EN-US\">The diagram below, from the AWS documentation, shows a classic example of why you would need Security Groups. Let\u2019s go through each part of the image in a little more detail.<\/span><\/p>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-1.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-1.jpg\" alt=\"aws-article1-1\" width=\"571\" height=\"393\" class=\"size-full wp-image-17361\" \/><\/a><\/p>\n<ol>\n<li style=\"text-align: justify\"><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>The web tier<\/strong> \u2013 Companies normally host a web layer of EC2 web servers that can be exposed to the internet. When such servers are exposed to the internet, it can be very easy for a hacker to break into them. This is where you would need to lock down all the ports on the server except for port 80 for HTTP traffic and port 443 for HTTPS traffic. This can be achieved with the help of security groups. A security group can be assigned to a set of EC2 instances, and its rules will be applied to all of the servers. This ensures that you don\u2019t need to manually apply the same settings to the servers one by one.<\/span><\/li>\n<li style=\"text-align: justify\"><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>The application tier<\/strong> \u2013 Ideally the application tier is not accessible from the internet and can only be controlled by the IT admin staff. 
In such a case you would use an intermediate host, known as the bastion host, to access the EC2 application servers. So in this case you would create security groups in which only the bastion host has access to the application servers.<\/span><\/li>\n<li style=\"text-align: justify\"><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>The database tier<\/strong> \u2013 Again, this tier would only be accessible to IT support staff via SSH or to the web and application tiers. So in this case you would ensure that the security groups only allow traffic from the web and application tiers, in addition to the SSH protocol from the IT support staff. Finally, all other traffic from the internet would be blocked by default.<\/span><\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"How_do_we_createset_Security_groups\"><\/span><span lang=\"EN-US\">How do we create\/set Security groups?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span lang=\"EN-US\">Now let\u2019s look in detail at the steps required to create security groups.<\/span><\/p>\n<p><span lang=\"EN-US\"><strong>Step 1:<\/strong> Log into your AWS Console and go to the EC2 dashboard. Go to Network &amp; Security -&gt; Security Groups.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-2.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-2.jpg\" alt=\"aws-article1-2\" width=\"555\" height=\"391\" class=\"aligncenter size-full wp-image-17362\" \/><\/a><\/p>\n<p><span lang=\"EN-US\"><strong>Step 2:<\/strong> Click on Create Security Group. Let\u2019s create a Web Security Group. 
This Security Group will be for all Web servers in our AWS account.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-3.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-3.jpg\" alt=\"aws-article1-3\" width=\"650\" height=\"342\" class=\"aligncenter wp-image-17363\" \/><\/a><\/p>\n<p><span lang=\"EN-US\">Click on Create to create the Security Group.<\/span><\/p>\n<p><span lang=\"EN-US\">By default, because you have not specified any rules, this Security Group behaves as follows:<\/span><\/p>\n<ul>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>No Inbound Rules<\/strong> \u2013 This means that if this Security Group is attached to any instance, no traffic would be allowed into that instance. This is because the default for Inbound Rules is DENY, and hence all access to the server will be denied.<br \/>\n<a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-4.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-4.jpg\" alt=\"aws-article1-4\" width=\"640\" height=\"222\" class=\"aligncenter wp-image-17364\" \/><\/a><br \/>\n<\/span><\/li>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>Outbound Rules<\/strong> \u2013 In contrast, if you look at the Outbound Rules, you can see that all traffic is allowed by default, and this is OK.<br \/>\n<a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-5.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-5.jpg\" alt=\"aws-article1-5\" width=\"650\" height=\"151\" class=\"aligncenter wp-image-17365\" \/><\/a><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span lang=\"EN-US\"><strong>Step 3:<\/strong> Now let\u2019s assign this Security Group to an EC2 instance. 
When you create an EC2 instance and reach the \u201cConfigure Security Group\u201d screen, you need to select the option \u201cSelect an existing Security Group\u201d and choose the Web Security Group which was created earlier.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-6.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-6.jpg\" alt=\"aws-article1-6\" width=\"585\" height=\"163\" class=\"aligncenter  wp-image-17366\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"An_Example_configuration_for_our_Security_Group\"><\/span><span lang=\"EN-US\">An Example configuration for our Security Group<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span lang=\"EN-US\">Now that we have an instance set up and a Security Group assigned to the instance, let\u2019s see an example of an inbound Security Group rule.<\/span><\/p>\n<p><span lang=\"EN-US\"><strong>Step 1:<\/strong> Go to your EC2 dashboard, go to the instance which was created and click on Web Security Groups. Also please note that this instance has a public IP of 54.202.203.115.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-7.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-7.jpg\" alt=\"aws-article1-7\" width=\"670\" height=\"265\" class=\"aligncenter wp-image-17367\" \/><\/a><\/p>\n<p><span lang=\"EN-US\">Now let\u2019s try to ping our server on the Public IP. As shown below, we can see that the request times out. 
This is because all incoming traffic, including that of the ping command, is blocked.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-8.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-8.jpg\" alt=\"aws-article1-8\" width=\"683\" height=\"258\" class=\"aligncenter  wp-image-17369\" \/><\/a><\/p>\n<p><span lang=\"EN-US\"><strong>Step 2:<\/strong> Now let\u2019s edit our Web Security Group to allow traffic to our Web server. Go to the Security Group and click on the Edit button.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-9.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-9.jpg\" alt=\"aws-article1-9\" width=\"460\" height=\"347\" class=\"aligncenter size-full wp-image-17370\" \/><\/a><\/p>\n<p><span lang=\"EN-US\"><strong>Step 3:<\/strong> When you create an Inbound Rule, you need to specify the following parameters:<\/span><\/p>\n<ul>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\"><strong>Type<\/strong> \u2013 This is the type of rule you want to configure. Here you have custom rules, such as rules for <strong>HTTP, SSH, HTTPS<\/strong>, etc.<\/span><\/li>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\">Next is the protocol, which is set when you choose the Type.<\/span><\/li>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\">Next is the port range for which you want to allow the protocol. For example, if you want to allow HTTP web traffic, you need to set the Port Range to 80.<\/span><\/li>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\">Next is the Source Address. 
Here you have the further options of allowing traffic from any IP, from a range of IPs, or from your own IP address.<\/span><\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-10.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-10.jpg\" alt=\"aws-article1-10\" width=\"670\" height=\"140\" class=\"aligncenter wp-image-17371\" \/><\/a><\/p>\n<p><span lang=\"EN-US\">Let\u2019s choose the following parameters to allow us to ping the server. For the Type, there is an option called \u201cAll ICMP\u201d. ICMP is the protocol used by the ping command. <\/span><\/p>\n<p><span lang=\"EN-US\">We then choose \u201cMy IP\u201d as the Source, and AWS will automatically detect your IP address and populate it accordingly. You can then click on the Save button to save the rule.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-11.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-11.jpg\" alt=\"aws-article1-11\" width=\"670\" height=\"141\" class=\"aligncenter wp-image-17372\" \/><\/a><\/p>\n<p><span lang=\"EN-US\">You now have the rule defined.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-12.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-12.jpg\" alt=\"aws-article1-12\" width=\"670\" height=\"261\" class=\"aligncenter wp-image-17373\" \/><\/a><\/p>\n<p><span lang=\"EN-US\"><strong>Step 4:<\/strong> Now let\u2019s try to ping our server again. You can now ping the server successfully, as shown below. 
This means that the security group has taken effect and is working properly.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-13.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-13.jpg\" alt=\"aws-article1-13\" width=\"687\" height=\"264\" class=\"aligncenter  wp-image-17374\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Common_Rules_for_the_Web_Security_group\"><\/span>Common Rules for the Web Security group<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span lang=\"EN-US\">Let\u2019s see some common security rules that we can use for our Web server.<\/span><\/p>\n<p><span lang=\"EN-US\"><strong>Rule 1:<\/strong>\u00a0<strong><i>Allowing HTTP and HTTPS traffic<\/i><\/strong> &#8211; You can create multiple rules in a Security Group. One of the most common and most often required is to allow traffic on the HTTP and HTTPS ports so that the websites hosted on your Web server can be accessed from anywhere.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-14.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-14.jpg\" alt=\"aws-article1-14\" width=\"670\" height=\"163\" class=\"aligncenter wp-image-17375\" \/><\/a><\/p>\n<p><span lang=\"EN-US\"><strong>Rule 2:<\/strong>\u00a0<strong><i>Allow SSH or Remote Desktop, only from a single IP<\/i> <\/strong>\u2013 Sometimes you may want to use Remote Desktop or SSH to connect to the web server, depending on whether it\u2019s a Windows or Linux server, to make configuration changes. In such a case, you should only allow these protocols from a certain IP. In the example below, we are assuming that 192.168.1.30 is a bastion host or dedicated machine on your network. It is a security risk to allow this sort of access from any other IP. 
When you specify a single IPv4 address, use the \/32 prefix length at the end of the IP address.<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-15.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-15.jpg\" alt=\"aws-article1-15\" width=\"670\" height=\"205\" class=\"aligncenter wp-image-17376\" \/><\/a><\/p>\n<p><strong>Rule 3:<\/strong>\u00a0<strong><i>Allowing Access from Database<\/i><\/strong> \u2013 Normally when you host databases in other EC2 instances you will have separate Security Groups for them. Let\u2019s assume you create a Database Security Group for this sort of instance. You can then create inbound rules for the Web Security Group to the Database Security Group so that the web servers can talk to the database servers. In the screenshot below, we are assuming that we have MS SQL Server, so we are choosing this rule type. We are also assuming that a Database Security Group is in place. 
When you start typing Database in the \u2018Source\u2019 field, it will auto-populate this section with the Database Security Group.<\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-16.jpg\"><img decoding=\"async\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/04\/AWS-Article1-16.jpg\" alt=\"aws-article1-16\" width=\"670\" height=\"227\" class=\"aligncenter wp-image-17377\" \/><\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Final_Points_to_Remember_about_Security_Groups\"><\/span><span lang=\"EN-US\">Final Points to Remember about Security Groups<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>These are the most important points to remember for the AWS certification exam.<\/p>\n<ul>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\">Security groups are stateful \u2014 if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.<\/span><\/li>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\">AWS has the following service limitations:<\/span>\n<ol>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\">You can create up to 500 security groups per VPC.<\/span><\/li>\n<li><span lang=\"EN-US\"> <\/span><span lang=\"EN-US\">You can add up to 50 rules to a security group.<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>I hope this article helps you understand the concepts behind security groups in Amazon Web Services (AWS). Note that security is one of the important topics that you have to prepare very well to pass the exam. 
We are going to write a series of articles on similar topics to teach you how to use AWS as you prepare for the AWS certification exams.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Practice_Questions\"><\/span>Practice Questions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It is important to practice a large number of questions when preparing for the solutions architect certification exam. We have prepared 300+ high-quality questions that cover all the exam objectives and provide an explanation for every option given in each question. This will help you improve your confidence before you take the real exam.<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/www.whizlabs.com\/aws-solutions-architect-associate\/practice-tests\/\">300+ Practice Questions for Solutions Architect Associate Exam<\/a><\/strong><\/li>\n<li><a href=\"https:\/\/www.whizlabs.com\/blog\/aws-certified-solutions-architect-associate\/\" title=\"How to prepare for AWS Certified Solutions Architect Associate certification exam?\"><strong>How to prepare for solutions architect associate exam?<\/strong><\/a><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Technical_Support\"><\/span>Technical Support<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you are looking for any technical support, such as further explanation of a question or clarifications, we have dedicated support for Amazon Web Services (AWS) to answer all your queries. You can drop us a mail at info@whizlabs.com with your queries. We will respond to your questions within 12 hours.<\/p>\n<p><strong>Good luck with your exam preparation!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have launched the AWS Certified Solutions Architect Associate certification exam, which is the basic level of AWS certifications. As part of our AWS certification training, we have started writing about important topics that are useful for preparing for the AWS certification exams. 
In this article, we are writing about Ingress vs Egress; these topics are part of security in Amazon Web Services (AWS). Here is a snapshot of the exam blueprint. What are AWS Security groups? In AWS, security groups are a security layer that can be applied to EC2 instances. Security groups consist of [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[302],"class_list":["post-17359","post","type-post","status-publish","format-standard","hentry","category-aws-certifications","tag-aws-solutions-architect-associate"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"profile_24":false,"profile_48":false,"profile_96":false,"profile_150":false,"profile_300":false,"tptn_thumbnail":false,"web-stories-poster-portrait":false,"web-stories-publisher-logo":false,"web-stories-thumbnail":false},"uagb_author_info":{"display_name":"Pavan Gumaste","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/pavan\/"},"uagb_comment_info":50,"uagb_excerpt":"We have launched the AWS Certified Solutions Architect Associate certification exam, which is the basic level of AWS certifications. As part of our AWS certification training, we have started writing about important topics that are useful for preparing for the AWS certification exams. 
In this article, we are writing about Ingress vs Egress; these topics are part&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/17359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=17359"}],"version-history":[{"count":18,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/17359\/revisions"}],"predecessor-version":[{"id":95087,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/17359\/revisions\/95087"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=17359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=17359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=17359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}