cloud-project

Project 05: Secure Virtual Machines in AWS using Security Groups & Resource Groups

CyberPreacher Edition

Project Scenario

A company is migrating its infrastructure to AWS and needs strict security controls for its EC2 instances. Their challenges include:

All resources in this lab will be deployed in the US East (N. Virginia) region.


Lab Objectives

In this lab, you will complete the following exercises:


Exercise 1: Create an EC2 Instance in AWS

Estimated Time: 15 minutes

Note: Ensure that you have created an AWS account with an active subscription (AWS Console) or sign up for AWS Free Tier.

Task 1: Create an EC2 Instance

  1. Log in to the AWS Management Console.
  2. In the Search bar, type EC2 and press Enter.
  3. Click Launch Instance and configure the following:

    Setting Value
    AMI Ubuntu Server 22.04 LTS
    Instance Type t3.medium - 2 vCPUs, 8 GiB RAM
    Key Pair Create or use an existing SSH key
    Networking Select default VPC or create a new one
    Subnet Choose subnet within the VPC
    Auto-assign Public IP Enabled
    Security Group Create or select an SG (configured below)
    Storage Default (8 GiB, can be adjusted)
  4. Click Launch to deploy the instance.
  5. After deployment, navigate to Instances and verify the instance status.

Task 2: Create an EC2 instance using CLI (Option 2)

Alternatively, you can use AWS CLI to create the instance. Open AWS CloudShell or your local terminal and run:

aws ec2 run-instances --image-id ami-xxxxxx --count 1 --instance-type t3.medium --key-name MyKeyPair --security-group-ids sg-xxxxxx --subnet-id subnet-xxxxxx

Once the instance is running, verify its status with:

aws ec2 describe-instances --instance-ids i-xxxxxxxx

Exercise 2: Configure Security Groups for Instance Security

Estimated Time: 10 minutes

Security Groups act as virtual firewalls that control inbound and outbound traffic to EC2 instances.

Task 1: Create a Security Group

  1. In the AWS Console, navigate to EC2 > Security Groups.
  2. Click Create Security Group and define the following:

    Setting Value
    Security Group Name SecureEC2-SG
    Description Security rules for EC2 instance
    VPC Select the default or created VPC

Task 2: Configure Security Group Rules

  1. Open SecureEC2-SG.
  2. Click Inbound Rules, then Add Rule:

    Protocol Port Source Action
    SSH 22 My IP Allow
    HTTP 80 Anywhere Allow
    HTTPS 443 Anywhere Allow
  3. Click Save Rules.
  4. Navigate to Outbound Rules, then Add Rule:

    Protocol Port Destination Action
    All Traffic All Anywhere Allow

Result: Security Groups ensure controlled access to the EC2 instance.

  1. Attach this Security Group to your EC2 instance by navigating to Instances > Networking > Change Security Groups > Select SecureEC2-SG.

Exercise 3: Implement Resource Groups for Easier Management

Estimated Time: 10 minutes

AWS Resource Groups allow you to organize EC2 instances based on their function for better security and management.

Task 1: Create a Resource Group

  1. Navigate to AWS Console > Resource Groups > Create Group.
  2. Define the following settings:

    Setting Value
    Group Name WebServerGroup
    Resource Type EC2 Instances
    Tagging Strategy Role=WebServer
  3. Click Create.

Task 2: Assign EC2 Instances to Resource Group

  1. Navigate to your EC2 instance.
  2. Add tags:
    • Key: Role
    • Value: WebServer
  3. The instance is now part of WebServerGroup for easier management.

Task 3: Apply Security Group Rules using Resource Groups

  1. Modify SecureEC2-SG to apply rules to EC2 instances in WebServerGroup.
  2. Define Inbound Rules:

    Protocol Port Source Action
    HTTPS 443 Resource Group (WebServerGroup) Allow
  3. Click Save Rules.

Result: Security policies are dynamically applied based on Resource Groups.


Summary of Security Enhancements

Side Task: Deploy another EC2 instance, assign Resource Group, and verify traffic flow restrictions. Share findings on LinkedIn with hashtags #CloudSecurityWithCyberPreacher #CPwCP.

Note: Remember to delete resources after the lab to avoid unnecessary costs (terminate EC2 instances and security groups).