Creating Your Amazon EC2 Security Group
The following steps show how to create your Amazon EC2 security group:
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. In the “Navigation” pane, select “US East (Virginia)” from the “Region” drop-down menu.
Note: For this walkthrough, we will always use the US East (Virginia) Region. However, while deploying your own application, you should select the Region that is closest in proximity to you.
3. Upon clicking on “Security Groups” in the “Navigation” pane, the console will display a list of all current security groups.
4. Click on the “Create Security Group” button. Upon doing so, the “Create Security Group” dialog box will appear.
5. Configure the following settings:
- Enter webappsecuritygroup in the “Name” text box (only for this example).
- Enter a description in the “Description” text box.
- For the “VPC” box, you should select “No VPC”.
- Click on the “Yes, Create” button.
Amazon EC2 will now create the security group and automatically add it to your existing list of groups. To modify the ports, you now need to configure your Amazon EC2 security group.
Configuring Your Security Group
1. On the “Security Groups” page, click “webappsecuritygroup” (the security group that you created previously).
2. Now, click on the “Inbound” tab.
3. In the “Create a new rule” drop-down box, select “HTTP”.
4. In the “Source” box, type “amazon-elb/amazon-elb-sg” (without the quotes). This is the name of the security group that AWS assigns to the Elastic Load Balancer. Selecting this source means that only traffic coming through the Elastic Load Balancer can connect to your Amazon EC2 instance.
5. Click on the “Add Rule” button. Then click “RDP” so that you can connect to your Amazon EC2 instances.
Important Note: In this particular example, the security group source settings have been configured to allow access from anywhere and everywhere (0.0.0.0/0). You should keep in mind that this is not a good practice. We have set it up this way only for the purpose of this particular example. The best practice is to set rules in such a way that access is restricted to only those computers or networks that actually require access to the service. The number after the slash (“/”) is the prefix length, which determines the size of the address range.
6. Click on the “Add Rule” button.
7. Click the “Apply Rule Changes” button.
Note: Your Amazon EC2 security group has not yet been enforced. It will be enforced only when we create our Auto Scaling group. However, you are allowed to apply an Amazon EC2 security group to an Amazon EC2 instance. For further information regarding this topic, please refer to Using Security Groups.
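To check the point made in the Important Note above, the following added example (not part of the original walkthrough or of any AWS tooling) audits security group rules in the JSON shape returned by `aws ec2 describe-security-groups` and reports remote-administration ports reachable from an overly wide address range. The sample data is constructed, the group ID is a placeholder, the 256-address threshold is an arbitrary assumption, and the sample assumes the RDP rule is the one whose source is 0.0.0.0/0.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # remote-administration ports to audit

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`,
# modelling the rules from this walkthrough (the group ID is a placeholder).
SAMPLE = {"SecurityGroups": [{
    "GroupName": "webappsecuritygroup",
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
         "UserIdGroupPairs": [{"UserId": "amazon-elb", "GroupName": "amazon-elb-sg"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}]}

def covers(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm.get("IpProtocol") == "-1":          # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(described, max_addresses=256):
    """Return findings for admin ports reachable from more than max_addresses hosts."""
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            # Only CIDR sources are sized; security-group sources (the ELB rule) are skipped.
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                for port, name in ADMIN_PORTS.items():
                    if covers(perm, port) and net.num_addresses > max_addresses:
                        findings.append({"group": group["GroupName"], "service": name,
                                         "port": port, "cidr": cidr,
                                         "addresses": net.num_addresses})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("{group}: {service} ({port}/tcp) open to {cidr} "
              "= {addresses} addresses".format(**f))
```

The HTTP rule is not reported because its source is the load balancer's security group rather than a CIDR range; narrowing the RDP source to a small range such as a /28 or a single /32 address clears the finding.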