Reputation: 10632
I'm following this guide, which suggests setting up a security group for the NAT, the databases, and the webservers.
In terms of security groups, the doc specifies to only allow outgoing traffic for the web instance to the databases and incoming HTTP and HTTPS.
I'm struggling to understand how the webserver can respond to requests if outgoing HTTP and HTTPS are blocked by this setting.
Have I misunderstood something here, or is there something I'm missing?
Thanks,
Upvotes: 0
Views: 78
Reputation: 13501
Security groups are stateful, meaning that the connections that you allow in are automatically allowed out. Also, security groups are only permissive; they only deny what is not explicitly allowed. Because of that, you usually do not need to explicitly allow outbound rules.
But if you need to allow outbound traffic without being related to an inbound connection, then explicit outbound rules are helpful.
Upvotes: 1
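The stateful behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of connection tracking (not AWS's actual implementation) using the rule set from the question. The IP addresses, the database port 3306, and all class and function names are assumptions made for illustration.

```python
# Simplified model of stateful filtering; not AWS's actual implementation.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def flow(p):
    # Direction-independent key, so a reply matches the flow that created it.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

@dataclass
class SecurityGroup:
    inbound_ports: set   # destination ports accepted on new inbound flows
    outbound: set        # (ip, port) pairs the instance may open new flows to
    tracked: set = field(default_factory=set)

    def _check(self, p, rule_matches):
        if flow(p) in self.tracked:   # return traffic of an allowed flow
            return True
        if rule_matches:              # new flow explicitly allowed by a rule
            self.tracked.add(flow(p))
            return True
        return False                  # anything else is implicitly denied

    def ingress(self, p):
        return self._check(p, p.dport in self.inbound_ports)
    def egress(self, p):
        return self._check(p, (p.dst, p.dport) in self.outbound)

# Constructed addresses; the database port 3306 is an assumption.
WEB, DB, CLIENT, EXTERNAL = "10.0.1.10", "10.0.2.20", "203.0.113.7", "198.51.100.9"

def demo():
    sg = SecurityGroup(inbound_ports={80, 443}, outbound={(DB, 3306)})
    return {
        "client_https_in": sg.ingress(Packet(CLIENT, 51000, WEB, 443)),
        "web_reply_out": sg.egress(Packet(WEB, 443, CLIENT, 51000)),
        "web_to_db_out": sg.egress(Packet(WEB, 40000, DB, 3306)),
        "db_reply_in": sg.ingress(Packet(DB, 3306, WEB, 40000)),
        "web_new_https_out": sg.egress(Packet(WEB, 40001, EXTERNAL, 443)),
        "unsolicited_ssh_in": sg.ingress(Packet(CLIENT, 51001, WEB, 22)),
    }

if __name__ == "__main__":
    print(demo())
```

The reply on source port 443 leaves even though no outbound HTTPS rule exists, while a new HTTPS connection started by the webserver itself is denied.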