1
00:00:00,500 --> 00:00:02,210
So we've launched our EC2 instance

2
00:00:02,210 --> 00:00:05,270
and now let's have a look at security groups.

3
00:00:05,270 --> 00:00:07,750
So we have a short idea of security groups

4
00:00:07,750 --> 00:00:09,290
by just clicking on security in here.

5
00:00:09,290 --> 00:00:11,470
And we get some overview

6
00:00:11,470 --> 00:00:13,780
of the security groups attached to our instance

7
00:00:13,780 --> 00:00:16,730
as well as the inbound rules and the outbound rules.

8
00:00:16,730 --> 00:00:17,760
But what I will do is

9
00:00:17,760 --> 00:00:20,800
that I will just access the more complete page

10
00:00:20,800 --> 00:00:23,310
of security groups from the left-hand side menu.

11
00:00:23,310 --> 00:00:24,590
So under networking and security,

12
00:00:24,590 --> 00:00:26,330
you click on security group.

13
00:00:26,330 --> 00:00:27,340
And we can see so far

14
00:00:27,340 --> 00:00:29,190
that we have two security groups

15
00:00:29,190 --> 00:00:31,480
in our console so far.

16
00:00:31,480 --> 00:00:33,980
So the default security group that is created by default

17
00:00:33,980 --> 00:00:35,380
as well as the launch wizard one,

18
00:00:35,380 --> 00:00:36,950
which is the first security group

19
00:00:36,950 --> 00:00:40,330
that was created when we created our EC2 instance.

20
00:00:40,330 --> 00:00:42,150
And so a security group has an ID.

21
00:00:42,150 --> 00:00:45,600
So an identifier, just like an EC2 instance has an ID.

22
00:00:45,600 --> 00:00:48,220
And then we can check the inbound rules.

23
00:00:48,220 --> 00:00:52,260
So the inbound rules are the rules that allow connectivity

24
00:00:52,260 --> 00:00:55,970
from the outside into the EC2 instance.

25
00:00:55,970 --> 00:00:58,890
And as we can see, we have two inbound rules in here.

26
00:00:58,890 --> 00:01:01,620
And the first one is of type SSH,

27
00:01:01,620 --> 00:01:04,860
which allows port 22 in our instance.
28
00:01:04,860 --> 00:01:08,300
And let me just click on edit inbound rules to see better.

29
00:01:08,300 --> 00:01:11,730
So the first one is SSH on port 22 from anywhere.

30
00:01:11,730 --> 00:01:14,890
So 0.0.0.0/0 is anywhere.

31
00:01:14,890 --> 00:01:17,280
And the second one is HTTP

32
00:01:17,280 --> 00:01:19,980
from port 80, again, anywhere.

33
00:01:19,980 --> 00:01:22,730
So this rule right here is what allowed us

34
00:01:22,730 --> 00:01:24,080
to access our web servers.

35
00:01:24,080 --> 00:01:27,000
So if you go back to the EC2 console,

36
00:01:27,000 --> 00:01:28,460
go to our instance

37
00:01:28,460 --> 00:01:29,860
and

38
00:01:29,860 --> 00:01:32,190
we were doing this IPv4 address.

39
00:01:32,190 --> 00:01:35,080
Okay, so we were opening it as an HTTP website.

40
00:01:35,080 --> 00:01:38,520
This worked thanks to this rule, port 80.

41
00:01:38,520 --> 00:01:39,353
Let's verify this.

42
00:01:39,353 --> 00:01:43,083
So if we delete this rule on port 80 and save the rules,

43
00:01:44,520 --> 00:01:47,010
as we can see, now we only have port 22.

44
00:01:47,010 --> 00:01:49,800
So if I go back to this and refresh my page,

45
00:01:49,800 --> 00:01:51,350
now as we can see,

46
00:01:51,350 --> 00:01:53,300
there is an infinite loading screen right here

47
00:01:53,300 --> 00:01:54,500
on the top of my screen,

48
00:01:54,500 --> 00:01:55,720
which shows that, well,

49
00:01:55,720 --> 00:01:59,810
indeed I don't have access to my EC2 instance.

50
00:01:59,810 --> 00:02:02,930
So here is a very important tip for you.

51
00:02:02,930 --> 00:02:04,350
Any time you see a timeout,

52
00:02:04,350 --> 00:02:05,440
okay, this is a timeout

53
00:02:05,440 --> 00:02:07,200
because it keeps on trying to connect

54
00:02:07,200 --> 00:02:08,032
but it doesn't succeed

55
00:02:08,032 --> 00:02:10,410
and then it will eventually fail, called a timeout.
56
00:02:10,410 --> 00:02:13,960
So if you see a timeout when trying to establish any kind

57
00:02:13,960 --> 00:02:16,850
of connection into your EC2 instances,

58
00:02:16,850 --> 00:02:19,190
for example, if you try to SSH into it,

59
00:02:19,190 --> 00:02:20,060
but there's a timeout,

60
00:02:20,060 --> 00:02:22,340
or if you try to do an HTTP query,

61
00:02:22,340 --> 00:02:23,210
but there's a timeout,

62
00:02:23,210 --> 00:02:25,070
or if you try to do anything with it

63
00:02:25,070 --> 00:02:26,290
and there is a timeout,

64
00:02:26,290 --> 00:02:29,690
this is 100% the cause

65
00:02:29,690 --> 00:02:32,620
of an EC2 security group.

66
00:02:32,620 --> 00:02:34,010
Okay, so in that case,

67
00:02:34,010 --> 00:02:35,770
go to your security group rules

68
00:02:35,770 --> 00:02:37,650
and make sure that they are correct,

69
00:02:37,650 --> 00:02:38,860
because if they're not correct,

70
00:02:38,860 --> 00:02:40,900
then you will get a timeout.

71
00:02:40,900 --> 00:02:43,580
So to fix this, we can add back a rule.

72
00:02:43,580 --> 00:02:44,413
We will do

73
00:02:45,530 --> 00:02:46,760
HTTP,

74
00:02:46,760 --> 00:02:48,940
which allows to get port 80

75
00:02:48,940 --> 00:02:50,260
in here automatically.

76
00:02:50,260 --> 00:02:55,250
And then from anywhere IPv6, IPv4, excuse me, right here,

77
00:02:55,250 --> 00:02:58,000
which allows this block right here.

78
00:02:58,000 --> 00:02:59,280
We save the rule.

79
00:02:59,280 --> 00:03:00,410
Now the rule is done.

80
00:03:00,410 --> 00:03:02,320
If I go back to my page and refresh,

81
00:03:02,320 --> 00:03:04,900
as you can see, now it is fully working.

82
00:03:04,900 --> 00:03:08,210
So this inbound rule really did the trick.

83
00:03:08,210 --> 00:03:10,230
But we could add any sort of inbound rule.

84
00:03:10,230 --> 00:03:13,230
So we could define the port or the port range

85
00:03:13,230 --> 00:03:14,400
that we want to.
86
00:03:14,400 --> 00:03:16,780
So we could say, for example, any port we want,

87
00:03:16,780 --> 00:03:19,560
for example 443, which is HTTPS,

88
00:03:19,560 --> 00:03:22,100
or choose directly from a dropdown here

89
00:03:22,100 --> 00:03:24,670
as a little shortcut the type of protocol you want.

90
00:03:24,670 --> 00:03:28,660
For example, HTTPS is 443 automatically.

91
00:03:28,660 --> 00:03:31,590
And then you can define where you want to allow from.

92
00:03:31,590 --> 00:03:33,640
So you have different CIDR blocks

93
00:03:33,640 --> 00:03:35,550
and we don't need them right now,

94
00:03:35,550 --> 00:03:37,170
or security groups or prefix lists,

95
00:03:37,170 --> 00:03:39,130
but we'll get to see them later on,

96
00:03:39,130 --> 00:03:40,310
okay, in this course.

97
00:03:40,310 --> 00:03:42,280
For now, just know that you could have

98
00:03:42,280 --> 00:03:45,970
either a custom CIDR anywhere, which adds this block,

99
00:03:45,970 --> 00:03:48,260
or if you want to, you can select My IP

100
00:03:48,260 --> 00:03:50,540
to only allow access to your IP.

101
00:03:50,540 --> 00:03:52,820
But just be aware that if your IP changes,

102
00:03:52,820 --> 00:03:54,030
then you will get a timeout

103
00:03:54,030 --> 00:03:57,670
and will not be able to access your EC2 instance.

104
00:03:57,670 --> 00:03:59,420
Finally, one last bit of information.

105
00:03:59,420 --> 00:04:01,140
So we can have a look at outbound rules.

106
00:04:01,140 --> 00:04:05,400
So we allow all traffic on IPv4 to anywhere.

107
00:04:05,400 --> 00:04:08,530
So this allows our EC2 instance

108
00:04:08,530 --> 00:04:11,460
to get full internet connectivity anywhere.
109
00:04:11,460 --> 00:04:12,293
And something you should know,

110
00:04:12,293 --> 00:04:14,500
so we have two security groups right here,

111
00:04:14,500 --> 00:04:16,180
default and launch wizard,

112
00:04:16,180 --> 00:04:17,380
and an EC2 instance

113
00:04:17,380 --> 00:04:19,380
can have many security groups attached to it.

114
00:04:19,380 --> 00:04:21,899
So it can attach one, but two or three,

115
00:04:21,899 --> 00:04:23,960
if you want maybe five security groups,

116
00:04:23,960 --> 00:04:27,000
and the rules will just add on to each other.

117
00:04:27,000 --> 00:04:30,210
And also this security group we have created from default,

118
00:04:30,210 --> 00:04:32,880
so for example, this launch wizard one, can be attached

119
00:04:32,880 --> 00:04:34,500
to other EC2 instances.

120
00:04:34,500 --> 00:04:36,060
Okay, so you can attach

121
00:04:36,060 --> 00:04:37,560
as many security groups as you want

122
00:04:37,560 --> 00:04:39,940
as well as as many EC2 instances as you want

123
00:04:39,940 --> 00:04:41,490
to one security group.

124
00:04:41,490 --> 00:04:42,540
That's it for this lecture.

125
00:04:42,540 --> 00:04:43,650
I hope you liked it.

126
00:04:43,650 --> 00:04:45,600
And I will see you in the next lecture.