Securing VPC Resources with Security Groups

Languages Available: Español (Latinoamérica) | Español (España) | Français | Bahasa Indonesia | Italiano | 日本語 | 한국어 | Português (Brasil) | 中文（简体)

This lab demonstrates how to lockdown security groups to appserver via a bastion host using SSM.

Level

Fundamental

Duration

1 Hours 0 Minutes

Course Objectives

In this course, you will learn how to:

• Examine security groups and determine what traffic is allowed
• Change which security groups are applied to Amazon EC2 instances
• Update security groups to follow the principle of least privilege
• Understand how security groups can reference other security groups
• Understand how to leverage Session Manager to connect to instances
  
  

Intended Audience

This course is intended for:

• Architects
• Security Engineers

Prerequisites

We recommend that attendees of this course have the following prerequisites:

• Access to a notebook computer with Wi-Fi and Microsoft Windows, macOS, or Linux (Ubuntu, SuSE, or Red Hat)

• **Note** The lab environment is not accessible using an iPad or tablet device, but you can use these devices to access the student guide.

• For Microsoft Windows users: Administrator access to the computer

• An internet browser such as Chrome, Firefox, or Internet Explorer 9 (previous versions of Internet Explorer are not supported)\

• Optional: An SSH client such as PuTTY

Course Outline

• Task 1: Inspect VPC resources and the AppServer
• Task 2: Test SSH connectivity to AppServer from public instances
• Task 3: Restrict SSH access to AppServer from a specific IP address
• Task 4: Restrict SSH access by referencing a security group as the inbound source