1
00:00:00,500 --> 00:00:02,210
‫So we've launched our EC2 instance

2
00:00:02,210 --> 00:00:05,270
‫and now let's have a look at security groups.

3
00:00:05,270 --> 00:00:07,750
‫So we have a short idea of security groups

4
00:00:07,750 --> 00:00:09,290
‫by just clicking on security in here.

5
00:00:09,290 --> 00:00:11,470
‫And we get some overview

6
00:00:11,470 --> 00:00:13,780
‫of the security groups attached to our instance

7
00:00:13,780 --> 00:00:16,730
‫as well as the inbound rules and the outbound rules.

8
00:00:16,730 --> 00:00:17,760
‫But what I will do is

9
00:00:17,760 --> 00:00:20,800
‫that I will just access the more complete page

10
00:00:20,800 --> 00:00:23,310
‫of security groups from the left hand side menu.

11
00:00:23,310 --> 00:00:24,590
‫So under networking and security,

12
00:00:24,590 --> 00:00:26,330
‫you click on security group.

13
00:00:26,330 --> 00:00:27,340
‫And we can see so far

14
00:00:27,340 --> 00:00:29,190
‫that we have two security groups

15
00:00:29,190 --> 00:00:31,480
‫in our console so far.

16
00:00:31,480 --> 00:00:33,980
‫So the default security group that is created by default

17
00:00:33,980 --> 00:00:35,380
‫as well as the launch wizard one

18
00:00:35,380 --> 00:00:36,950
‫which is the first security group

19
00:00:36,950 --> 00:00:40,330
‫that was created when we created our EC2 instance.

20
00:00:40,330 --> 00:00:42,150
‫And so a security group has an ID.

21
00:00:42,150 --> 00:00:45,600
‫So an identifier, just like an EC2 instance has an ID.

22
00:00:45,600 --> 00:00:48,220
‫And then we can check the inbound rules.

23
00:00:48,220 --> 00:00:52,260
‫So the inbound rules are the rules that allows connectivity

24
00:00:52,260 --> 00:00:55,970
‫from the outside into the EC2 instance.

25
00:00:55,970 --> 00:00:58,890
‫And as we can see, we have two inbound rules in here.

26
00:00:58,890 --> 00:01:01,620
‫And the first one is of type SSH,

27
00:01:01,620 --> 00:01:04,860
‫which allows port 22 in our instance.

28
00:01:04,860 --> 00:01:08,300
‫And let me just click on edit inbound rules to see better.

29
00:01:08,300 --> 00:01:11,730
‫So set first one as SSH on port 22 from anywhere.

30
00:01:11,730 --> 00:01:14,890
‫So 000/0 is anywhere.

31
00:01:14,890 --> 00:01:17,280
‫And the second one is HTTP

32
00:01:17,280 --> 00:01:19,980
‫from port 80, again, anywhere.

33
00:01:19,980 --> 00:01:22,730
‫So this rule right here is what allowed us

34
00:01:22,730 --> 00:01:24,080
‫to access our web servers.

35
00:01:24,080 --> 00:01:27,000
‫So if you go back to the EC2 console,

36
00:01:27,000 --> 00:01:28,460
‫go to our instance

37
00:01:28,460 --> 00:01:29,860
‫and

38
00:01:29,860 --> 00:01:32,190
‫we were doing this IPv4 address.

39
00:01:32,190 --> 00:01:35,080
‫Okay, so we were opening it as an HTTP website.

40
00:01:35,080 --> 00:01:38,520
‫This worked thanks to this rule, port 80.

41
00:01:38,520 --> 00:01:39,353
‫Let's verify this.

42
00:01:39,353 --> 00:01:43,083
‫So if we delete this rule on port 80 and save the rules,

43
00:01:44,520 --> 00:01:47,010
‫as we can see now we only have port 22.

44
00:01:47,010 --> 00:01:49,800
‫So if I go back to this and refresh my page,

45
00:01:49,800 --> 00:01:51,350
‫now as we can see,

46
00:01:51,350 --> 00:01:53,300
‫there is an infinite loading screen right here

47
00:01:53,300 --> 00:01:54,500
‫on the top of my screen,

48
00:01:54,500 --> 00:01:55,720
‫which shows that well,

49
00:01:55,720 --> 00:01:59,810
‫indeed I don't have access to my EC2 instance.

50
00:01:59,810 --> 00:02:02,930
‫So here is a very important tip for you.

51
00:02:02,930 --> 00:02:04,350
‫Any time you see a timeout,

52
00:02:04,350 --> 00:02:05,440
‫okay, this is a timeout

53
00:02:05,440 --> 00:02:07,200
‫because it keeps on trying to connect

54
00:02:07,200 --> 00:02:08,033
‫but it doesn't succeed

55
00:02:08,033 --> 00:02:10,410
‫and then it will eventually fail, called a timeout.

56
00:02:10,410 --> 00:02:13,960
‫So if you see a timeout when trying to establish any kind

57
00:02:13,960 --> 00:02:16,850
‫of connection into your EC2 instances,

58
00:02:16,850 --> 00:02:19,190
‫for example, if you try to SSH into it,

59
00:02:19,190 --> 00:02:20,060
‫but there's a timeout,

60
00:02:20,060 --> 00:02:22,340
‫or if you try to do an HTTP query,

61
00:02:22,340 --> 00:02:23,210
‫but there's a timeout,

62
00:02:23,210 --> 00:02:25,070
‫or if you try to do anything with it

63
00:02:25,070 --> 00:02:26,290
‫and there is a timeout,

64
00:02:26,290 --> 00:02:29,690
‫this is 100% the cause

65
00:02:29,690 --> 00:02:32,620
‫of an EC2 security group.

66
00:02:32,620 --> 00:02:34,010
‫Okay, so in that case,

67
00:02:34,010 --> 00:02:35,770
‫go to your security group rules

68
00:02:35,770 --> 00:02:37,650
‫and make sure that they are correct,

69
00:02:37,650 --> 00:02:38,860
‫because if they're not correct,

70
00:02:38,860 --> 00:02:40,900
‫then you will get a timeout.

71
00:02:40,900 --> 00:02:43,580
‫So to fix this, we can add back a rule.

72
00:02:43,580 --> 00:02:44,413
‫We will do

73
00:02:45,530 --> 00:02:46,760
‫HTTP,

74
00:02:46,760 --> 00:02:48,940
‫which allows to get port 80

75
00:02:48,940 --> 00:02:50,260
‫in here automatically.

76
00:02:50,260 --> 00:02:55,250
‫And then from anywhere IPv6, IPv4, excuse me, right here,

77
00:02:55,250 --> 00:02:58,000
‫which allows this block right here.

78
00:02:58,000 --> 00:02:59,280
‫We save the rule.

79
00:02:59,280 --> 00:03:00,410
‫Now the rule is done.

80
00:03:00,410 --> 00:03:02,320
‫If I go back to my page and refresh

81
00:03:02,320 --> 00:03:04,900
‫as you can see, now it is fully working.

82
00:03:04,900 --> 00:03:08,210
‫So this inbound rule really did the trick.

83
00:03:08,210 --> 00:03:10,230
‫But we could add any sort of inbound rule.

84
00:03:10,230 --> 00:03:13,230
‫So we could define the port or the port range

85
00:03:13,230 --> 00:03:14,400
‫that we want to.

86
00:03:14,400 --> 00:03:16,780
‫So we could say, for example, any port we want,

87
00:03:16,780 --> 00:03:19,560
‫for example 443, which is HTTPS

88
00:03:19,560 --> 00:03:22,100
‫or choose directly from a dropdown here

89
00:03:22,100 --> 00:03:24,670
‫as a little shortcut the type of protocol you want.

90
00:03:24,670 --> 00:03:28,660
‫For example, HTTPS is 443 automatically.

91
00:03:28,660 --> 00:03:31,590
‫And then you can define where you want to allow from.

92
00:03:31,590 --> 00:03:33,640
‫So you have different CIDR blocks

93
00:03:33,640 --> 00:03:35,550
‫and we don't need them right now,

94
00:03:35,550 --> 00:03:37,170
‫or security groups or prefix list,

95
00:03:37,170 --> 00:03:39,130
‫but we'll get to see them later on,

96
00:03:39,130 --> 00:03:40,310
‫okay, in this course.

97
00:03:40,310 --> 00:03:42,280
‫For now, just know that you could have

98
00:03:42,280 --> 00:03:45,970
‫either a custom CIDR anywhere which adds this blog

99
00:03:45,970 --> 00:03:48,260
‫or if you want to, can select my IP

100
00:03:48,260 --> 00:03:50,540
‫to only allow access to your IP.

101
00:03:50,540 --> 00:03:52,820
‫But just be aware that if your IP changes,

102
00:03:52,820 --> 00:03:54,030
‫then you will get a timeout

103
00:03:54,030 --> 00:03:57,670
‫and will not be able to access your EC2 instance.

104
00:03:57,670 --> 00:03:59,420
‫Finally, one last bit of information.

105
00:03:59,420 --> 00:04:01,140
‫So we can have a look at outbound rules.

106
00:04:01,140 --> 00:04:05,400
‫So we allow all traffic on IPv4 to anywhere.

107
00:04:05,400 --> 00:04:08,530
‫So this allows our EC2 instance

108
00:04:08,530 --> 00:04:11,460
‫to get full internet connectivity anywhere.

109
00:04:11,460 --> 00:04:12,293
‫And something you should know,

110
00:04:12,293 --> 00:04:14,500
‫so we have two security groups right here

111
00:04:14,500 --> 00:04:16,180
‫default and launch wizard,

112
00:04:16,180 --> 00:04:17,380
‫and an EC2 instance

113
00:04:17,380 --> 00:04:19,380
‫can have many security groups attached to it.

114
00:04:19,380 --> 00:04:21,900
‫So it can attach one but two or three

115
00:04:21,900 --> 00:04:23,960
‫if you want maybe five security groups

116
00:04:23,960 --> 00:04:27,000
‫and the rules will just add on to each other.

117
00:04:27,000 --> 00:04:30,210
‫And also this security group we have created from default

118
00:04:30,210 --> 00:04:32,880
‫so for example, this launch wizard one can be attached

119
00:04:32,880 --> 00:04:34,500
‫to other EC2 instances.

120
00:04:34,500 --> 00:04:36,060
‫Okay, so you can attach

121
00:04:36,060 --> 00:04:37,560
‫as many security groups as you want

122
00:04:37,560 --> 00:04:39,940
‫as well as as many EC2 instances you want

123
00:04:39,940 --> 00:04:41,490
‫to one security group.

124
00:04:41,490 --> 00:04:42,540
‫That's it for this lecture.

125
00:04:42,540 --> 00:04:43,650
‫I hope you liked it.

126
00:04:43,650 --> 00:04:45,600
‫And I will see you in the next lecture.