Reputation: 113
What I really need to ask is whether multiple rules in a security group bound to an instance which accept traffic on ports 22, 80 and 443, i.e. SSH, HTTP and HTTPS, are the same thing as defining a single rule, i.e. Custom TCP, which accepts traffic on ports 0-60000. Will implementing the latter provision the same kind of access as the former?
In my system I'm trying to add rules to the default security group with the Node SDK/API, and I thought just adding one rule to accept all kinds of traffic would be better than defining them separately, but I'm not sure about that.
Image 1: Access with multiple rules on separate ports:
Image 2: Access with a single rule for all ports:
Upvotes: 2
Views: 3958
Reputation: 238081
Will implementing the latter provision the same kind of access as the former?
Sadly, they are not equivalent, though technically they will both allow ports 22, 80 and 443.
The 0-60000 rule will allow incoming connections on all ports. This does not agree well with the security best practice of granting least-privilege permissions only.
In contrast, 22, 80 and 443 will allow only the three ports. Any access on other ports will be denied. If you don't need any other ports, this option is better from the security perspective.
Upvotes: 2
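The comparison in the answer, as an added example that is not code from the question or the answer: the two rule sets are written out in the `IpPermissions` shape that the AWS SDK for JavaScript's `authorizeSecurityGroupIngress` call takes (both v2 `AWS.EC2` and v3 `@aws-sdk/client-ec2` accept this parameter object), and a small offline evaluator shows which ports each set actually admits. No AWS call is made; the `GroupId`, the `0.0.0.0/0` source and the probe port list are constructed placeholders, not values from the original post.

```javascript
// Added example (not from the original Q&A). Compares the two security-group
// rule sets discussed on the page by evaluating them offline, using the same
// IpPermissions object shape the AWS SDK's authorizeSecurityGroupIngress takes.

const PLACEHOLDER_GROUP_ID = 'sg-0123456789abcdef0'; // assumed, not a real group

// One TCP ingress permission from anywhere (0.0.0.0/0), in SDK parameter shape.
function tcpFromAnywhere(fromPort, toPort) {
  return {
    IpProtocol: 'tcp',
    FromPort: fromPort,
    ToPort: toPort,
    IpRanges: [{ CidrIp: '0.0.0.0/0' }],
  };
}

// Option A: one rule per service, as in the question's first screenshot.
const separateRulesParams = {
  GroupId: PLACEHOLDER_GROUP_ID,
  IpPermissions: [
    tcpFromAnywhere(22, 22), // SSH
    tcpFromAnywhere(80, 80), // HTTP
    tcpFromAnywhere(443, 443), // HTTPS
  ],
};

// Option B: a single Custom TCP rule for 0-60000, as in the second screenshot.
const singleRuleParams = {
  GroupId: PLACEHOLDER_GROUP_ID,
  IpPermissions: [tcpFromAnywhere(0, 60000)],
};

// Security groups are allow-lists with no deny rules: a connection is admitted
// if any permission matches its protocol and port. IpProtocol '-1' means all
// traffic and carries no port fields, so it is matched before the port check.
function portAllowed(ipPermissions, protocol, port) {
  return ipPermissions.some((p) => {
    if (p.IpProtocol === '-1') return true;
    if (p.IpProtocol !== protocol) return false;
    return port >= p.FromPort && port <= p.ToPort;
  });
}

// Which of the candidate ports does a rule set admit?
function allowedPorts(params, protocol, candidates) {
  return candidates.filter((port) => portAllowed(params.IpPermissions, protocol, port));
}

// Ports that are reachable but were never required: the excess exposure a
// least-privilege review of the group would flag.
function excessExposure(params, protocol, candidates, requiredPorts) {
  const required = new Set(requiredPorts);
  return allowedPorts(params, protocol, candidates).filter((port) => !required.has(port));
}

// Constructed probe set: the three wanted services plus ports commonly used by
// databases and admin interfaces that should not be reachable from the internet.
const PROBE_PORTS = [22, 80, 443, 3306, 5432, 6379, 8080, 27017, 65535];
const REQUIRED_PORTS = [22, 80, 443];

console.log('separate rules admit:', allowedPorts(separateRulesParams, 'tcp', PROBE_PORTS));
console.log('single rule admits:', allowedPorts(singleRuleParams, 'tcp', PROBE_PORTS));
console.log('excess exposure with single rule:',
  excessExposure(singleRuleParams, 'tcp', PROBE_PORTS, REQUIRED_PORTS));

// To apply Option A for real (network call, deliberately not executed here):
//   v3: new EC2Client({}).send(new AuthorizeSecurityGroupIngressCommand(separateRulesParams))
//   v2: new AWS.EC2().authorizeSecurityGroupIngress(separateRulesParams).promise()
```

Run it with `node` and the output makes the answer's point concrete: the three explicit rules admit only 22, 80 and 443, while the single 0-60000 rule also admits 3306, 5432, 6379, 8080 and 27017 from the same source range, none of which the question needed. The evaluator is also a reasonable shape for a pre-apply check in a provisioning script: compute `excessExposure` over the rules you are about to push and refuse to call the API if it is non-empty.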