VPC 1 Flashcards
Security Groups
What’s the major limitation of SGs?
Can’t deny traffic explicitly (there is only the implicit deny).
Security Groups
What do you attach Security Groups to?
ENIs, not instances!
Security Groups
Can hosts in an SG talk to each other?
Not by default; you need a self-referencing rule in the SG to allow it.
Security Groups
Highest-level use cases for NACLs and SGs?
SGs for expected app traffic; NACLs to deny bad actors or OOB traffic.
Security Groups
How do you set up a Security Group rule to deny access?
You can’t; SGs are inclusive (allow) only.
Security Groups
What permissions are on the default security group?
Allow all inbound traffic from the default SG itself; allow all outbound traffic.
Security Groups
What is the default permission for a custom security group you create?
No inbound traffic allowed; all outbound traffic allowed.
Security Groups
Can instances within the same security group communicate by default?
No; you have to enable this explicitly with an inbound rule whose source is the security group in question.
Security Groups
Why can’t I ping my instance from another security group?
Probably because no explicit inbound rule allowing the ICMP Ping “Echo” type was added to the SG.
Security Groups
Which scales better, Security Groups or NACLs?
Security Groups: they use logical group references for sets of resources rather than IP-based rules.
Security Groups
How do you change the Role an EC2 instance uses?
Just change it: swap the Role from the console or elsewhere, and the old Role disappears from inside the EC2 instance.