
Setting Up EC2 Security Groups for Secure Access


Welcome back! Let's secure our EC2 instance so that it stays reachable for authorized use while keeping attackers out. We will configure a security group, which is the set of firewall rules that controls network traffic to the instance.

What Is a Security Group?

A security group is essentially a virtual firewall for your EC2 instance. You can add rules to:

  • Specify protocols (e.g., HTTP, SMTP, POP3) that can access your server.

  • Define allowed ports.

  • Control IP address ranges.

For example, if you set up a web server, you might allow unrestricted access to HTTP (port 80) and HTTPS (port 443).

By default, all incoming ports are blocked. When you add a rule, you create an exception to allow specific access.

Adding Security Group Rules

Step 1: Configure API Server Access

  • Protocol: Custom TCP

  • Port: 8000 (our API server port, the one exposed in the Dockerfile).

  • Source: Anywhere (0.0.0.0/0).

Step 2: Configure SSH Access

  • Protocol: SSH

  • Port: 22

  • Source: Anywhere (0.0.0.0/0).

Tip: For high-security applications, restrict SSH access by specifying your IP address instead of using “Anywhere.”

Security group sources are written in CIDR notation, the standard way of defining IP address ranges. For example:

  • 0.0.0.0/0: Any IP address.

  • 192.168.1.0/24: A specific range of IPs (192.168.1.0 through 192.168.1.255).

Even though port 22 is open, logging in still requires the private key, because SSH on the instance uses key-based authentication. Restricting the source CIDR on top of that is defense in depth.
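To make the tip concrete, here is a small audit script (added here as an example, not part of the original post) that reads ingress rules in the same shape `aws ec2 describe-security-groups` returns, flags an admin port such as SSH that is open to 0.0.0.0/0, and builds the corrected rule that limits SSH to one admin address as a /32. The rule list and the address 203.0.113.10 are constructed sample data.

```python
import ipaddress

# Constructed sample in the shape of the IpPermissions list returned by
# `aws ec2 describe-security-groups`; it mirrors Steps 1 and 2 above.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

ADMIN_PORTS = {22}  # SSH; add 3389 (RDP) when auditing Windows hosts


def rule_covers_port(rule, port):
    """True if an ingress rule allows the TCP port (IpProtocol "-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def find_open_admin_ports(rules, ports=ADMIN_PORTS):
    """Return (port, cidr) pairs where an admin port is reachable from any IPv4 address."""
    findings = []
    for rule in rules:
        for port in sorted(ports):
            if not rule_covers_port(rule, port):
                continue
            for ip_range in rule.get("IpRanges", []):
                net = ipaddress.ip_network(ip_range["CidrIp"])
                if net.prefixlen == 0:  # 0.0.0.0/0 covers the whole Internet
                    findings.append((port, ip_range["CidrIp"]))
    return findings


def restricted_ssh_rule(admin_ip):
    """The corrected Step 2 rule: SSH only from one admin address, as a /32 CIDR."""
    cidr = f"{ipaddress.ip_address(admin_ip)}/32"
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": cidr}]}


if __name__ == "__main__":
    for port, cidr in find_open_admin_ports(SAMPLE_RULES):
        print(f"WARNING: port {port} is open to {cidr}; restrict it to your own address")
    # 203.0.113.10 is a documentation address standing in for your real public IP
    print(restricted_ssh_rule("203.0.113.10"))
```

Replacing the second sample rule with the output of restricted_ssh_rule clears the warning while leaving port 8000 as the post configures it.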

Step 3: Naming the Security Group

  • Use a meaningful name, e.g., NassrProject-SG.

  • Add a description to keep track of its purpose.

OSI Model and Protocols Overview

The OSI model defines layers of communication over networks:

  1. Application Layer (e.g., HTTP, FTP, WebSockets).

  2. Transport Layer (e.g., TCP, UDP).

We use TCP (Transmission Control Protocol) for reliable, connection-oriented communication, which is exactly what HTTP requests and responses need. Protocols like FTP and WebSockets also run on top of TCP.

Setting Up Key Pair for SSH Access

What is a Key Pair?

A key pair consists of:

  • Public Key: Stored on the server.

  • Private Key: Stored on your computer.

This is public-key cryptography, the same mechanism that secures communication over HTTPS and SSH.

Creating the Key Pair

  1. Name the key pair, e.g., NassrProjectKeyPair.

  2. Download the .pem file (private key).

  3. Store it securely! You cannot re-download this file. Losing it means recreating the instance.

Launching the EC2 Instance

  1. Review Settings: Check instance type, storage, and network settings.

  2. Launch the Instance: Assign the security group and key pair.

  3. Monitor Instance Status:

    • View details in the Instances Dashboard.

    • Check public IP, launch time, and status checks.

Accessing the Instance

  • Use the public IP to connect to the instance.

  • Example: Access your application at http://<public-ip>:8000 (once deployed).

Conclusion

With this setup:

  • Port 8000 is accessible for API traffic.

  • Port 22 allows SSH access.

  • Your instance is protected by the default-deny inbound rules and by key-based SSH authentication.

Deployment comes next! We’ll install Docker and deploy our application in the upcoming steps. See you in the next session!