{"id":68315,"date":"2018-12-04T07:47:35","date_gmt":"2018-12-04T07:47:35","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=68315"},"modified":"2020-08-31T17:58:48","modified_gmt":"2020-08-31T17:58:48","slug":"set-right-rules-for-security-groups-and-nacls","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/set-right-rules-for-security-groups-and-nacls\/","title":{"rendered":"How to Set Right Inbound &#038; Outbound Rules for Security Groups and NACLs?"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">So, how&#8217;s your preparation going on for AWS Certified Security Specialty exam?\u00a0Have you prepared yourself with Infrastructure Security domain, that has maximum weight i.e. 26% in the blueprint of AWS Security Specialty exam? Here we cover the topic <em>&#8220;How to set right Inbound and Outbound rules for security groups and network access control lists?&#8221;<\/em> that addresses the Infrastructure Security domain as highlighted in the AWS Blueprint for the exam guide. So, this article is an invaluable resource in your <a href=\"https:\/\/www.whizlabs.com\/blog\/prepare-aws-certified-security-specialty-exam\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>AWS Certified Security Specialty exam preparation<\/em><\/a>.<\/span><\/p>\n<blockquote><p>Try Now: <a href=\"https:\/\/www.whizlabs.com\/aws-certified-security-specialty\/free-test\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Certified Security Specialty Free Test<\/a><\/p><\/blockquote>\n<p style=\"text-align: justify;\">For the 24*7 security of the VPC resources, it is recommended to use Security Groups and Network Access Control Lists. AWS NACLs act as a firewall for the associated subnets and control both the inbound and outbound traffic. So, it becomes very<span style=\"font-weight: 400;\">\u00a0important to understand what are the right and most secure rules to be used for Security Groups and Network Access Control Lists (NACLs) for EC2 Instances in AWS. Let\u2019s take a use case scenario to understand the problem and thus find the most effective solution.<\/span><\/p>\n<h2 style=\"text-align: justify;\">Problem Statement<\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">As a Security Engineer, you need to design the Security Group and Network Access Control Lists rules for an EC2 Instance hosted in a public subnet in a <a href=\"https:\/\/www.whizlabs.com\/blog\/aws-vpc\/\" target=\"_blank\" rel=\"noopener noreferrer\">Virtual Private Cloud<\/a> (VPC). The instance needs to be accessed securely from an on-premise machine. The on-premise machine just needs to SSH into the Instance on port 22.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The networking details are given below<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">IP Address of the On-premise machine &#8211; 92.97.87.150<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Public IP address of EC2 Instance &#8211; 18.196.91.57<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Private IP address of EC2 Instance &#8211; 172.31.38.223<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Which of the following is the right set of rules which ensures a higher level of security for the connection? While determining the most secure and effective set of rules, you also need to ensure that the least number of rules are applied overall.<\/span><\/p>\n<blockquote><p>Also Read: <a href=\"https:\/\/www.whizlabs.com\/blog\/aws-connectivity-vpc\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to improve connectivity and secure your VPC resources?<\/a><\/p><\/blockquote>\n<h2 style=\"text-align: justify;\">Solution:\u00a0Set Right Inbound &amp; Outbound Rules for Security Groups and Network Access Control Lists<\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">If we visualize the architecture, this is what it looks like:<\/span><\/p>\n<p><img decoding=\"async\" class=\"wp-image-68319 size-full aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/VPC-Architecture.png\" alt=\"VPC Architecture\" width=\"557\" height=\"204\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/VPC-Architecture.png 557w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/VPC-Architecture-300x110.png 300w\" sizes=\"(max-width: 557px) 100vw, 557px\" \/><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Now the first point we need to consider is that we need not bother about the private IP address of the Instance since we are accessing the instance over the Internet<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Now let\u2019s look at the default security groups available for an Instance:<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-68320\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/default-security-group-1.png\" alt=\"Default Security Groups available for an instance\" width=\"832\" height=\"181\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-1.png 699w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-1-300x65.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-1-640x139.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-1-681x148.png 681w\" sizes=\"(max-width: 832px) 100vw, 832px\" \/><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-68321\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/default-security-group-2.png\" alt=\"Default security group in instance\" width=\"847\" height=\"199\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-2.png 698w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-2-300x70.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-2-640x150.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/default-security-group-2-681x160.png 681w\" sizes=\"(max-width: 847px) 100vw, 847px\" \/><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Now to change the rules, we need to understand the following<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The On-premise machine needs to make a connection on port 22 to the EC2 Instance. So, the incoming rules need to have one for port 22.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Now, since SSH is a stateless protocol, we also need to ensure that there is a relevant Outbound rule. The EC2 Instance would connect to the on-premise machine on an ephemeral port (32768 \u2013 65535)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">And here the source and destination is the on-premise machine with an IP address of 92.97.87.150<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Hence, the rules which would need to be in place are as shown below:<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-68324\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.51-AM.png\" alt=\"Security Group and NACL Rules\" width=\"811\" height=\"211\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.51-AM.png 680w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.51-AM-300x78.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.51-AM-640x167.png 640w\" sizes=\"(max-width: 811px) 100vw, 811px\" \/><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-68325\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.57-AM.png\" alt=\"Security Group and NACL Rules\" width=\"841\" height=\"201\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.57-AM.png 685w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.57-AM-300x72.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.57-AM-640x153.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Screen-Shot-2018-12-04-at-9.21.57-AM-681x164.png 681w\" sizes=\"(max-width: 841px) 100vw, 841px\" \/><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Now, we need to apply the same reasoning to NACLs.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Let\u2019s have a look at the default NACLs for a subnet:<\/span><\/p>\n<p><img decoding=\"async\" class=\"wp-image-68326 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/Default-NACL-for-a-Subnet.png\" alt=\"Default NACLs for a Subnet\" width=\"811\" height=\"247\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet.png 700w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet-300x91.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet-640x195.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet-681x207.png 681w\" sizes=\"(max-width: 811px) 100vw, 811px\" \/><\/p>\n<p><img decoding=\"async\" class=\"wp-image-68327 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/Default-NACL-for-a-Subnet-2.png\" alt=\"Default NACLs for a Subnet\" width=\"816\" height=\"238\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet-2.png 710w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet-2-300x87.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet-2-640x187.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Default-NACL-for-a-Subnet-2-681x199.png 681w\" sizes=\"(max-width: 816px) 100vw, 816px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Let us apply below-mentioned rules to NACL to address the problem.<\/span><\/p>\n<ol>\n<li><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0Allow incoming traffic on port 22 and outgoing on ephemeral ports (32768 \u2013 65535).<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0\u00a0\u00a0Allow source and destination as the public IP of the on-premise workstation for inbound &amp; outbound settings respectively.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">We would have below rules for NACL:<\/span><\/p>\n<p><img decoding=\"async\" class=\"wp-image-68328 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/Set-Security-Group-and-NACL-Rules.png\" alt=\"Set Security Groups and NACL Rules\" width=\"781\" height=\"219\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Group-and-NACL-Rules.png 699w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Group-and-NACL-Rules-300x84.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Group-and-NACL-Rules-640x179.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Group-and-NACL-Rules-681x191.png 681w\" sizes=\"(max-width: 781px) 100vw, 781px\" \/><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-68329\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/sites\/2\/2018\/12\/Set-Security-Groups-and-NACL-Rules-2.png\" alt=\"Set right rules of SG and NACL\" width=\"793\" height=\"219\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Groups-and-NACL-Rules-2.png 698w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Groups-and-NACL-Rules-2-300x83.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Groups-and-NACL-Rules-2-640x177.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/Set-Security-Groups-and-NACL-Rules-2-681x188.png 681w\" sizes=\"(max-width: 793px) 100vw, 793px\" \/><\/p>\n<blockquote><p><strong>Other Related Resources:<\/strong><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/using-central-cloudtrail-s3-bucket-for-multiple-aws-accounts\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to Use a Central CloudTrail S3 Bucket for Multiple AWS Accounts?<\/a><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/iam-and-bucket-policies\/\" target=\"_blank\" rel=\"noopener noreferrer\">Working with IAM and Bucket Policies<\/a><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/blog\/granting-access-to-aws-resources-to-third-party\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to Grant Access to AWS Resources to the Third Party via Roles &amp; External Id?<\/a><\/p><\/blockquote>\n<h4 style=\"text-align: justify;\">Summary<\/h4>\n<ul>\n<li style=\"font-weight: 400; text-align: justify;\"><span style=\"font-weight: 400;\">Consider the source and destination of the traffic.<\/span><\/li>\n<li style=\"font-weight: 400; text-align: justify;\"><span style=\"font-weight: 400;\">Consider both the Inbound and Outbound Rules.<\/span><\/li>\n<li style=\"font-weight: 400; text-align: justify;\"><span style=\"font-weight: 400;\">Always consider the most restrictive rules, it\u2019s the best practice to apply the principle of least privilege while configuring Security Groups &amp; NACL.<\/span><\/li>\n<li>And set right inbound and outbound rules for Security Groups and Network Access Control Lists.<\/li>\n<\/ul>\n<p>So, here we&#8217;ve covered how you can set right inbound and outbound rules for Security Groups and Network Access Control Lists. Getting prepared with this topic will bring your AWS Certified Security Specialty exam preparation to the next level. If you think yourself fully prepared for the exam, give your preparation a check with <a href=\"https:\/\/www.whizlabs.com\/aws-certified-security-specialty\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Certified Security Specialty Practice Tests<\/a>. The Whizlabs practice test series comes with a detailed explanation to every question and thus help you find your weak areas and work on that.<\/p>\n<p><em>So, join us today and enter into the world of great success!<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So, how&#8217;s your preparation going on for AWS Certified Security Specialty exam?\u00a0Have you prepared yourself with Infrastructure Security domain, that has maximum weight i.e. 26% in the blueprint of AWS Security Specialty exam? Here we cover the topic &#8220;How to set right Inbound and Outbound rules for security groups and network access control lists?&#8221; that addresses the Infrastructure Security domain as highlighted in the AWS Blueprint for the exam guide. So, this article is an invaluable resource in your AWS Certified Security Specialty exam preparation. Try Now: AWS Certified Security Specialty Free Test For the 24*7 security of the VPC [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":68342,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[234,297,1443],"class_list":["post-68315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws-certifications","tag-aws-certified-security-specialty-exam-preparation","tag-aws-security-specialty-exam","tag-security-group-and-network-acls"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",600,315,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists-150x150.png",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists-300x158.png",300,158,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",600,315,false],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",600,315,false],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",600,315,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",600,315,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",24,13,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",48,25,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",96,50,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",150,79,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",300,158,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists-250x250.png",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",600,315,false],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",96,50,false],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2018\/12\/rules-for-security-groups-and-network-access-control-lists.png",150,79,false]},"uagb_author_info":{"display_name":"Pavan Gumaste","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/pavan\/"},"uagb_comment_info":47,"uagb_excerpt":"So, how&#8217;s your preparation going on for AWS Certified Security Specialty exam?\u00a0Have you prepared yourself with Infrastructure Security domain, that has maximum weight i.e. 26% in the blueprint of AWS Security Specialty exam? Here we cover the topic &#8220;How to set right Inbound and Outbound rules for security groups and network access control lists?&#8221; that&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/68315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=68315"}],"version-history":[{"count":1,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/68315\/revisions"}],"predecessor-version":[{"id":75916,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/68315\/revisions\/75916"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/68342"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=68315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=68315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=68315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}