EC2 and Security Groups - Advanced

Lesson 10

So far, you have a single security group (protecting your front-end EC2 instance) and two EC2 instances (front-end and back-end). This is great! But what about the back-end instance? We can’t protect it with the current security group, because it shouldn’t be accessed from the internet, but it should be protected somehow…

In comes another security group to save the day!

In this lesson, you’ll be creating another security group resource to protect your back-end EC2 instance. This security group will be different because it won’t accept traffic over the internet. It will only accept traffic that has already come through the first security group!

What this means is that not just any internet traffic can access it. Only traffic that has gotten through the first security group (and other resources we will be building out in later lessons) can enter through this second security group.

TODO: Create a diagram to show this.

Let’s get started! Create two security groups. Only allow traffic into one security group from the other security group. <– ask matt how to visualize this (bastion host?)

  • best practice naming conventions

Put one instance in one security group and the other instance in the other security group.

Create a second security group

You now need to create a security group for your back-end EC2 instance.
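The two groups described above, written out as an added example (not the course's own code) on the assumption that the lesson's resources are Terraform with the AWS provider. It assumes var.vpc_id, var.ami_id, var.public_subnet_id and var.private_subnet_id are declared elsewhere and that the back-end listens on TCP 8080; each instance carries exactly one of the two groups.

```hcl
# Front-end security group: the only one that accepts traffic from the internet.
resource "aws_security_group" "frontend" {
  name        = "app-frontend-sg"   # <app>-<tier>-sg naming convention
  description = "HTTPS from the internet to the front-end tier"
  vpc_id      = var.vpc_id
  ingress {
    description = "HTTPS from anywhere"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # The provider drops AWS's default allow-all egress rule; add one explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Back-end security group: no cidr_blocks at all. The ingress source is the
# front-end security group, so only instances carrying that group reach port
# 8080. No egress block: groups are stateful, so replies to the front-end flow.
resource "aws_security_group" "backend" {
  name        = "app-backend-sg"
  description = "App port from the front-end security group only"
  vpc_id      = var.vpc_id
  ingress {
    description     = "App port from the front-end tier"
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.frontend.id]
  }
}

resource "aws_instance" "frontend" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.public_subnet_id
  vpc_security_group_ids = [aws_security_group.frontend.id]
}

resource "aws_instance" "backend" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.private_subnet_id
  vpc_security_group_ids = [aws_security_group.backend.id]
}
```

A quick check after `terraform apply`: the back-end group's ingress rule should show a source security group id and no CIDR range in the console or in `aws ec2 describe-security-groups`, and a connection to port 8080 from any host without the front-end group attached should time out.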