For this exercise you'll need:
- EC2 instance with web application
- Security group inbound rules that allow HTTP traffic

Objectives:
- List the security groups you have in your account, in the region you are using
- Remove the HTTP inbound traffic rule
- Can you still access the application? What do you see/get?
- Add back the rule
- Can you access the application now?

Solution (console):
- Go to the EC2 service -> click on "Security Groups" under "Network & Security". You should see at least one security group. One of them is called "default".
- Click on the security group with HTTP rules and click on "Edit inbound rules". Remove the HTTP-related rules and click on "Save rules".
- No. There is a timeout because we removed the rule allowing HTTP traffic.
- Click on the security group -> edit inbound rules and add the following rule:
  - Type: HTTP
  - Port range: 80
  - Source: Anywhere -> 0.0.0.0/0
- Yes.

Solution (CLI):
```
aws ec2 describe-security-groups
```
-> By default, a new account has one security group called "default".
- Remove the rule:
```
aws ec2 revoke-security-group-ingress \
    --group-name someHTTPSecurityGroup \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0
```
- No. There is a time out because we removed the rule allowing HTTP traffic.
- Add back the rule we removed:
```
aws ec2 authorize-security-group-ingress \
    --group-name someHTTPSecurityGroup \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0
```
- Yes.
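
To find which security group carries the HTTP rule, and to confirm the result after revoking or re-adding it, the JSON printed by `aws ec2 describe-security-groups` can be checked programmatically. The following is an added example, not part of the original exercise: the sample data, the group IDs and every group name except `someHTTPSecurityGroup` are constructed, and the check also covers port ranges, "all traffic" rules and IPv6 sources, which goes beyond the single rule used in the exercise.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` JSON output.
# Group IDs are made up; "someHTTPSecurityGroup" is the name used on this page.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0000000000000000a", "GroupName": "default",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0000000000000000a"}]}]},
    {"GroupId": "sg-0000000000000000b", "GroupName": "someHTTPSecurityGroup",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000000000000000c", "GroupName": "wide-range",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
                        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0000000000000000d", "GroupName": "ssh-only",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}


def covers_port(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no FromPort/ToPort
        return True
    if proto != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def from_anywhere(perm):
    """True if the rule's source is the whole IPv4 or IPv6 internet."""
    v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def groups_exposing(output, port=80):
    """Return (GroupId, GroupName) for groups reachable from anywhere on port."""
    return [(sg["GroupId"], sg["GroupName"])
            for sg in output.get("SecurityGroups", [])
            if any(covers_port(p, port) and from_anywhere(p)
                   for p in sg.get("IpPermissions", []))]


if __name__ == "__main__":
    for group_id, name in groups_exposing(SAMPLE):
        print(group_id, name)
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --output json`.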