In a VPC, a security group controls the traffic for one or more instances. It acts as a virtual firewall on an instance's network interface, filtering inbound and outbound traffic for EC2 instances (and for other resources that attach to a VPC network interface). You add rules to each security group to control which traffic may reach the associated instances and which traffic they may send out.
In the AWS console, security groups appear under both the VPC and EC2 sections. A newly created security group allows all outbound traffic and no inbound traffic; you add inbound rules to admit the traffic you want. Security groups support "allow" rules only: anything not explicitly allowed is dropped, and you cannot write a "deny" rule (that requires a network ACL). Rules can be changed at any time, and a change takes effect immediately on every instance associated with the group. Security groups are also stateful, so the return traffic of an allowed connection is permitted automatically regardless of the rules in the opposite direction. You may come across questions on security in an AWS VPC interview, so we've included it in our list of the best AWS VPC interview questions.
AWS VPC provides the following features:
IPv4 and IPv6 addressing: you choose the CIDR blocks for the VPC and its subnets.
Internet connectivity through an internet gateway (and NAT for instances in private subnets).
Subnet creation, spread across Availability Zones.
Route tables that decide where each subnet's traffic is sent.
Elastic IP addresses (static public IPv4 addresses you can move between instances).
Network and subnet security through security groups (instance level) and network ACLs (subnet level).
Additional networking services such as VPC peering, VPN connections, VPC endpoints and flow logs.
To build a custom VPC, follow these steps:
First, create the virtual private cloud with an IPv4 CIDR block.
Create the subnets: at least one public subnet and one private subnet.
Create an internet gateway.
Attach the internet gateway to the VPC.
Create a route table for the public subnet.
Add a default route (0.0.0.0/0) pointing at the internet gateway to that route table.
Associate the public subnet with that route table. The private subnet keeps using the VPC's main route table, which has no internet route, so its instances stay unreachable from the internet.
Launch the web server in the public subnet and the database server in the private subnet.
Launch a NAT instance in the public subnet and create a security group for it.
Add inbound HTTP and HTTPS rules to the NAT security group that allow traffic only from the private subnet's CIDR range.
Allocate an Elastic IP.
Associate the Elastic IP with the NAT instance.
Disable the source/destination check on the NAT instance so that it may forward packets that are not addressed to itself.
Add a default route pointing at the NAT instance to the main route table, so that the private subnet reaches the internet only through the NAT.
The NAT instance steps are the classic approach; a managed NAT gateway in the public subnet can replace the instance, its security group and the source/destination-check step, and removes the need to patch and scale the NAT yourself.
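The procedure above, written as Terraform so that every step is explicit and reviewable. This is an added example, not code from the original page: the region, CIDR ranges, Availability Zone, instance type and the `nat_ami` variable are assumptions, and the AMI is assumed to already have IP forwarding and masquerading configured. The web and database servers themselves are left out; only the network, routing and NAT path they depend on is shown.

```hcl
# Added example: builds the custom VPC described above with a NAT instance.
# Assumptions: region, CIDRs, AZ, instance type and var.nat_ami.
provider "aws" {
  region = "us-east-1" # assumption
}

variable "nat_ami" {
  type        = string
  description = "AMI with IP forwarding and masquerading enabled (assumption)"
}

# Step 1: the VPC
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "custom-vpc" }
}

# Step 2: one public and one private subnet
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
}

resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-east-1a"
}

# Steps 3-4: internet gateway attached to the VPC
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Steps 5-7: public route table with a default route to the IGW,
# associated with the public subnet only
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Steps 9-10: security group for the NAT instance. Only the private subnet
# may reach it on 80/443. Terraform removes the implicit allow-all egress
# rule of a new group, so egress is declared explicitly.
resource "aws_security_group" "nat" {
  name   = "nat-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.private.cidr_block]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.private.cidr_block]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Steps 11-13: NAT instance in the public subnet, source/destination check
# disabled so it can forward packets not addressed to itself, Elastic IP attached.
resource "aws_instance" "nat" {
  ami                    = var.nat_ami
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.nat.id]
  source_dest_check      = false
}

resource "aws_eip" "nat" {
  domain   = "vpc"
  instance = aws_instance.nat.id
}

# Step 14: the main route table (used by the private subnet, which has no
# explicit association) sends internet-bound traffic to the NAT instance.
resource "aws_default_route_table" "main" {
  default_route_table_id = aws_vpc.main.default_route_table_id
  route {
    cidr_block           = "0.0.0.0/0"
    network_interface_id = aws_instance.nat.primary_network_interface_id
  }
}
```

Two checks worth running after `terraform apply`: the private subnet's route table must show 0.0.0.0/0 pointing at the NAT's network interface and not at the internet gateway, and the NAT instance's security group must list only the private subnet's CIDR as an inbound source. If the main route table ever gains a route to the IGW, every subnet without an explicit association becomes public.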
VPC security group versus VPC network ACL:
1. Scope: a security group filters traffic to and from an instance's network interface; a network ACL filters traffic entering or leaving a subnet.
2. Rule types: a security group supports allow rules only; a network ACL supports both allow and deny rules, evaluated in rule-number order with the first match deciding.
3. Traffic within a subnet: a security group filters traffic between instances in the same subnet; a network ACL does not, because that traffic never crosses the subnet boundary.
4. State: a security group performs stateful filtering, so return traffic for an allowed connection is admitted automatically; a network ACL performs stateless filtering, so return traffic (typically on ephemeral ports 1024-65535) needs its own explicit rule.
In practice the two are layered: the network ACL gives a coarse subnet-wide boundary (including the explicit denies a security group cannot express), and security groups give the per-instance least-privilege rules.
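The four differences above, shown side by side on one subnet. This is an added example rather than code from the original page; the region, CIDR ranges and the blocked range 203.0.113.0/24 (a documentation range standing in for a hostile network) are assumptions.

```hcl
# Added example: a security group and a network ACL protecting the same subnet.
# Assumptions: region, CIDRs, and 203.0.113.0/24 as the range to block.
provider "aws" {
  region = "us-east-1" # assumption
}

resource "aws_vpc" "demo" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "web" {
  vpc_id     = aws_vpc.demo.id
  cidr_block = "10.0.1.0/24"
}

# Security group: instance level, allow rules only, stateful. Replies to an
# accepted HTTPS connection are allowed automatically, so no ephemeral-port
# rule is needed. Egress is declared because Terraform drops the default one.
resource "aws_security_group" "web" {
  name   = "web-sg"
  vpc_id = aws_vpc.demo.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# A second group that admits MySQL only from members of web-sg. Security
# groups can reference other groups (identity, not address); a network ACL
# cannot. No egress block means the database initiates no outbound connections.
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = aws_vpc.demo.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
}

# Network ACL: subnet level, allow and deny, stateless, evaluated in
# rule-number order; the first matching rule wins and an implicit deny ends
# the list.
resource "aws_network_acl" "web" {
  vpc_id     = aws_vpc.demo.id
  subnet_ids = [aws_subnet.web.id]

  # Rule 100 denies the hostile range before rule 110 allows everyone else.
  # Swapping the numbers would make the deny unreachable.
  ingress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "deny"
    cidr_block = "203.0.113.0/24"
    from_port  = 443
    to_port    = 443
  }
  ingress {
    rule_no    = 110
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }
  # Stateless: the server's replies leave for the client's ephemeral source
  # port, so egress needs its own rule or the TCP handshake never completes.
  egress {
    rule_no    = 100
    protocol   = "tcp"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }
}
```

The most common mistake the stateless rule exposes: an ACL with an allow on port 443 inbound but no ephemeral-port egress looks correct in the console yet every connection hangs after the SYN. The mirror image also applies; if instances in this subnet initiate outbound connections (package updates, calls to the database subnet), the ACL needs an ingress allow for 1024-65535 as well, while the security group handles those replies on its own.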
A security group is a virtual firewall for an EC2 instance that controls its inbound and outbound traffic. By default up to 5 security groups can be attached to one network interface (this quota can be raised). Security groups always operate at the instance level, more precisely at the network-interface level, never at the subnet level, so each instance in a subnet can carry a different set of security groups. They apply regardless of how the instance was launched or how the rules are managed, whether through the console, the CLI or the EC2/VPC API.