A company is migrating its infrastructure to AWS and needs strict security controls for its EC2 instances. Their challenges include:
All resources in this lab will be deployed in the US East (N. Virginia) region.
In this lab, you will complete the following exercises:
Note: Ensure that you have created an AWS account with an active subscription (AWS Console) or sign up for AWS Free Tier.
Click Launch Instance and configure the following:
Setting | Value |
---|---|
AMI | Ubuntu Server 22.04 LTS |
Instance Type | t3.medium - 2 vCPUs, 8 GiB RAM |
Key Pair | Create or use an existing SSH key |
Networking | Select default VPC or create a new one |
Subnet | Choose subnet within the VPC |
Auto-assign Public IP | Enabled |
Security Group | Create or select an SG (configured below) |
Storage | Default (8 GiB, can be adjusted) |
Alternatively, you can use the AWS CLI to create the instance. Open AWS CloudShell or your local terminal and run the following, replacing the placeholder IDs with your own:

```bash
aws ec2 run-instances \
  --image-id ami-xxxxxx \
  --count 1 \
  --instance-type t3.medium \
  --key-name MyKeyPair \
  --security-group-ids sg-xxxxxx \
  --subnet-id subnet-xxxxxx
```
Once the instance is running, verify its status with:
```bash
aws ec2 describe-instances --instance-ids i-xxxxxxxx
```
Security Groups act as virtual firewalls that control inbound and outbound traffic to EC2 instances.
Click Create Security Group and define the following:
Setting | Value |
---|---|
Security Group Name | SecureEC2-SG |
Description | Security rules for EC2 instance |
VPC | Select the default or created VPC |
Click Inbound Rules, then Add Rule:
Protocol | Port | Source | Action |
---|---|---|---|
SSH | 22 | My IP | Allow |
HTTP | 80 | Anywhere | Allow |
HTTPS | 443 | Anywhere | Allow |
Navigate to Outbound Rules, then Add Rule:
Protocol | Port | Destination | Action |
---|---|---|---|
All Traffic | All | Anywhere | Allow |
Result: Security Groups ensure controlled access to the EC2 instance.
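To check that a security group still matches the inbound table above, the following added example (not part of the original lab) audits a group in the JSON shape returned by `aws ec2 describe-security-groups`. The function names, the sample group and the admin address `203.0.113.10/32` standing in for "My IP" are constructed for illustration.

```python
import ipaddress

PUBLIC_PORTS = {80, 443}   # ports the lab's inbound table opens to "Anywhere"
SSH_PORT = 22              # port the lab restricts to "My IP"

def covers(perm, port):
    """True if one IpPermissions entry includes the given TCP port."""
    if perm["IpProtocol"] == "-1":       # "-1" means all protocols and all ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def within_lab_ports(perm):
    """True if the entry is TCP and touches only ports 22, 80 or 443."""
    if perm["IpProtocol"] != "tcp":
        return False
    return all(p in PUBLIC_PORTS or p == SSH_PORT
               for p in range(perm["FromPort"], perm["ToPort"] + 1))

def sources(perm):
    """IPv4 and IPv6 CIDR sources of one entry (security-group sources are not evaluated)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c) for c in cidrs]

def audit_ingress(group, admin_cidr):
    """List the inbound rules of one security group that exceed the lab's table."""
    admin = ipaddress.ip_network(admin_cidr)
    findings = []
    for perm in group.get("IpPermissions", []):
        for src in sources(perm):
            from_admin = src.version == admin.version and src.subnet_of(admin)
            if covers(perm, SSH_PORT) and not from_admin:
                findings.append(f"SSH (22) reachable from {src}")
            if src.prefixlen == 0 and not within_lab_ports(perm):
                findings.append(f"ports beyond 80/443 open to {src}")
    return findings

# Constructed sample: SecureEC2-SG as the lab's inbound table defines it.
SAMPLE_GROUP = {
    "GroupName": "SecureEC2-SG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    print(audit_ingress(SAMPLE_GROUP, "203.0.113.10/32") or "no drift from the lab's rules")
```

To audit a real group, pass one element of the `SecurityGroups` array from the CLI's JSON output as `group`.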
AWS Resource Groups allow you to organize EC2 instances based on their function for better security and management.
Define the following settings:
Setting | Value |
---|---|
Group Name | WebServerGroup |
Resource Type | EC2 Instances |
Tagging Strategy | Role=WebServer |
Define Inbound Rules:
Protocol | Port | Source | Action |
---|---|---|---|
HTTPS | 443 | Resource Group (WebServerGroup) | Allow |
Result: Security policies are dynamically applied based on Resource Groups.
Side Task: Deploy another EC2 instance, assign it to the Resource Group, and verify the traffic flow restrictions. Share your findings on LinkedIn with the hashtags #CloudSecurityWithCyberPreacher #CPwCP.
Note: Remember to delete resources after the lab to avoid unnecessary costs (terminate the EC2 instances and delete the security groups).