EC2 - Security Groups/Ports/SSH

Question 1

What is a Security Group?

Answer 1

A Security Group is a virtual firewall for your EC2 instances that controls inbound and outbound traffic. It only allows specific types of traffic based on set rules.

Question 2

What types of traffic do Security Groups control?

Answer 2

Security groups control inbound (from the internet to your EC2 instance) and outbound (from the EC2 instance to the internet) traffic.

Question 3

What information do you define in a security group rule?

Answer 3

Each rule specifies:

Type (e.g., SSH, HTTP)
Protocol (e.g., TCP)
Port (e.g., port 22 for SSH)
Source (e.g., IP range like 0.0.0.0/0 or another security group).

Question 4

What are the default behaviors of a Security Group?

Answer 4

By default, all inbound traffic is blocked and outbound traffic is allowed.

Security groups can be attached to multiple EC2 instances, and each instance can have multiple security groups.

Question 5

What happens if an EC2 instance is not accessible or times out?

Answer 5

If an EC2 instance doesn’t respond or times out, it’s likely a security group issue blocking inbound traffic. If you see a connection refused error, the traffic reached the instance but the application rejected it.

Question 6

What is the advanced feature of referencing other security groups?

Answer 6

You can configure a security group to allow traffic from other security groups, regardless of the EC2 instances’ IP addresses. This simplifies communication between instances without needing to manage IP addresses directly.

Question 7

What does an inbound security group rule look like?

Answer 7

Type: SSH
Protocol: TCP
Port: 22
Source: 0.0.0.0/0 (all IPs, but typically more restrictive).

Question 8

What are some important ports to remember for security groups?

Answer 8

22: SSH (for Linux EC2)
21: FTP (for file transfer)
80: HTTP (unsecured websites)
443: HTTPS (secured websites)
3389: RDP (for Windows EC2)

Question 9

What is SSH used for in AWS EC2?

Answer 9

SSH (Secure Shell) is used to securely connect to EC2 instances for maintenance or other tasks, typically on Linux-based systems.

Question 10

How do you connect to an EC2 instance using SSH on Mac or Linux?

Answer 10

On Mac or Linux, you can use the terminal and run the ssh command with the private key (.pem file) to connect to your EC2 instance.

Question 11

How do you connect to an EC2 instance using SSH on Windows (pre-Windows 10)?

Answer 11

On Windows versions before 10, use PuTTY, a free SSH client, to connect to the EC2 instance using your private key.

Question 12

How do you connect to an EC2 instance using SSH on Windows 10 and newer versions?

Answer 12

On Windows 10 or later, you can use the built-in SSH command in the Command Prompt or PowerShell (similar to Mac/Linux).

Question 13

What is EC2 Instance Connect and how does it work?

Answer 13

EC2 Instance Connect allows you to connect to EC2 instances directly from your web browser without needing to install anything. It supports Mac, Linux, and Windows.

Question 14

Which EC2 instance types are compatible with EC2 Instance Connect?

Answer 14

EC2 Instance Connect currently works with Amazon Linux 2 instances.

Question 15

What should you do if you’re having trouble connecting to an EC2 instance via SSH?

Answer 15

Double-check your security group rules (make sure port 22 is open).
Verify the SSH command or Putty settings.
Check for typos in the IP address or command.
Try EC2 Instance Connect, as it might bypass other issues.
If all else fails, consult the troubleshooting guide.