Security group

Before launching your virtual server (EC2), you need to create a Security Group with appropriate rules. We now have two subnets, public and private. Let's configure the public subnet so that it allows ssh (22/tcp) and http (80/tcp) from the internet, and the private subnet so that it allows ssh from the public subnet:

  1. Create one security group for the public subnet on VPC (vpc-69cfbd12):
     $ aws ec2 create-security-group --vpc-id vpc-69cfbd12 --group-name public --description "public facing host"
     {
         "GroupId": "sg-dd8a3f94"
     }
  2. Add the ssh allow rule to the public security group (sg-dd8a3f94):
     $ aws ec2 authorize-security-group-ingress --group-id sg-dd8a3f94 --protocol tcp --port 22 --cidr 0.0.0.0/0
  3. Add the http allow rule to the public security group (sg-dd8a3f94):
     $ aws ec2 authorize-security-group-ingress --group-id sg-dd8a3f94 --protocol tcp --port 80 --cidr 0.0.0.0/0
  4. Create a second security group for the private subnet on VPC (vpc-69cfbd12):
     $ aws ec2 create-security-group --vpc-id vpc-69cfbd12 --group-name private --description "private subnet host"
     {
         "GroupId": "sg-a18c39e8"
     }
  5. Add an ssh allow rule to the private security group (sg-a18c39e8):
     $ aws ec2 authorize-security-group-ingress --group-id sg-a18c39e8 --protocol tcp --port 22 --source-group sg-dd8a3f94
  6. Check the Security Group list using the following command:
     $ aws ec2 describe-security-groups --filters "Name=vpc-id, Values=vpc-69cfbd12" --query "SecurityGroups[*].{id:GroupId,name:GroupName}" --output table
     ----------------------------
     |  DescribeSecurityGroups  |
     +--------------+-----------+
     |      id      |   name    |
     +--------------+-----------+
     |  sg-2ed56067 |  default  |
     |  sg-a18c39e8 |  private  |
     |  sg-dd8a3f94 |  public   |
     +--------------+-----------+
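
The following check is an added example, not code from the book: it reads the JSON that `aws ec2 describe-security-groups --output json` returns and reports administrative ports open to any address, and it lists what may reach ssh on a given group. The sample JSON is constructed to mirror the two groups created above; the function names and the `ADMIN_PORTS` set are assumptions of this example.

```python
import json

ADMIN_PORTS = (22, 3389)            # assumption: ports this example treats as admin
ANYWHERE = {"0.0.0.0/0", "::/0"}

def _rule(port, cidrs=(), groups=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

# Constructed sample mirroring the two groups above, shaped like the CLI's
# JSON output (not captured output); _rule builds one IpPermissions entry.
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-dd8a3f94", "GroupName": "public", "IpPermissions": [
        _rule(22, cidrs=["0.0.0.0/0"]), _rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-a18c39e8", "GroupName": "private", "IpPermissions": [
        _rule(22, groups=["sg-dd8a3f94"])]},
]})

def covers(rule, port):
    """True if the rule's protocol and port range include this TCP port."""
    proto = rule["IpProtocol"]          # "-1" means all protocols and ports
    return proto == "-1" or (proto == "tcp" and
            rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def sources(rule):
    """Return (source group IDs, source CIDRs) named by one ingress rule."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])], cidrs

def rules(describe_json):
    """Yield (group_id, rule) for every ingress rule in the CLI output."""
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            yield sg["GroupId"], rule

def world_open_admin_ports(describe_json):
    """Sorted (group_id, port, cidr) for admin ports reachable from anywhere."""
    return sorted({(gid, p, c) for gid, rule in rules(describe_json)
                   for c in sources(rule)[1] if c in ANYWHERE
                   for p in ADMIN_PORTS if covers(rule, p)})

def ssh_sources(describe_json, group_id):
    """Sorted source groups and CIDRs allowed to reach 22/tcp on group_id."""
    hits = [sources(r) for gid, r in rules(describe_json)
            if gid == group_id and covers(r, 22)]
    return (sorted({g for gs, _ in hits for g in gs}),
            sorted({c for _, cs in hits for c in cs}))
```

On the sample, `world_open_admin_ports(SAMPLE)` reports the 22/tcp rule on sg-dd8a3f94, and `ssh_sources(SAMPLE, "sg-a18c39e8")` shows that only sg-dd8a3f94 can reach ssh on the private group.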