Technical Glossary

Security Group

Definition: AWS virtual firewall that controls inbound and outbound network traffic at the instance level, defining which connections are allowed through access rules.

— Source: NERVICO, Product Development Consultancy

What is a Security Group

A security group is a virtual firewall provided by AWS that controls inbound (ingress) and outbound (egress) network traffic at the resource level. It is associated with EC2 instances, RDS databases, Lambda functions in VPCs, and other network resources. Unlike a stateless packet filter, security groups are stateful: if an inbound connection is allowed, the outbound response is automatically permitted without needing an explicit rule.

How it works

Each security group contains a set of rules defining what traffic is allowed. Rules specify the protocol (TCP, UDP, ICMP), port range, and source or destination (an IP, CIDR range, or another security group). By default, a security group allows all outbound traffic and denies all inbound traffic. Rules can only allow traffic, never explicitly deny it. Multiple security groups can be associated with a single resource, and the rules from all are evaluated in combination.

Why it matters

Security groups are the first line of network defense in AWS. An incorrect configuration can expose databases, internal services, or admin panels to the internet. Following the principle of least privilege in security groups (only opening exactly the necessary ports to the necessary sources) is a fundamental security practice that prevents unauthorized access and reduces the attack surface.

Practical example

A web application has three tiers: a public load balancer, application servers, and a database. The load balancer’s security group only allows inbound traffic on ports 80 and 443 from any IP. The application servers’ security group only allows traffic on port 8080 from the load balancer’s security group. The database’s security group only allows traffic on port 5432 from the application servers’ security group. Each tier is only accessible from the previous tier, and the database is never directly exposed to the internet.
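To make the evaluation semantics concrete (default inbound deny, allow-only rules, union of rules across every group attached to a resource, and sources that reference another security group), here is an added Python model of the three-tier setup above. It is not AWS code or the consultancy's; the sg-* ids and IP addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    protocol: str    # "tcp", "udp", "icmp", or "-1" meaning all protocols
    from_port: int   # port range (ICMP type/code for icmp); ignored when protocol is "-1"
    to_port: int
    source: str      # a CIDR such as "0.0.0.0/0" or the id of another security group

@dataclass
class SecurityGroup:
    sg_id: str
    ingress: list = field(default_factory=list)  # allow rules only: there are no deny rules
    # egress is left at the AWS default (allow everything) and is not modelled here

def rule_matches(rule, protocol, port, src_ip, src_sgs):
    """True if one ingress rule permits this flow. A rule whose source is a security
    group matches on the sender's group membership, not on its IP address."""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    if rule.source.startswith("sg-"):
        return rule.source in src_sgs
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def inbound_allowed(dest_sgs, protocol, port, src_ip, src_sgs=()):
    """Default deny: the flow passes only if some rule in *any* group attached to the
    destination allows it (rules are unioned). The reply needs no egress rule because
    security groups are stateful."""
    return any(rule_matches(r, protocol, port, src_ip, src_sgs)
               for sg in dest_sgs for r in sg.ingress)

def internet_exposed_ports(sg):
    """Audit helper: ingress rules open to the whole IPv4 or IPv6 internet."""
    return [(r.protocol, r.from_port, r.to_port)
            for r in sg.ingress if r.source in ("0.0.0.0/0", "::/0")]

# The three tiers from the glossary entry; the sg-* ids are constructed placeholders.
alb = SecurityGroup("sg-alb", [Rule("tcp", 80, 80, "0.0.0.0/0"),
                               Rule("tcp", 443, 443, "0.0.0.0/0")])
app = SecurityGroup("sg-app", [Rule("tcp", 8080, 8080, "sg-alb")])
db = SecurityGroup("sg-db", [Rule("tcp", 5432, 5432, "sg-app")])

if __name__ == "__main__":
    # The internet reaches the load balancer on 443 but never the database.
    print(inbound_allowed([alb], "tcp", 443, "203.0.113.10"))  # True
    print(inbound_allowed([db], "tcp", 5432, "203.0.113.10"))  # False
```

Running `internet_exposed_ports` over every group in an account is the kind of check that catches a database or admin port accidentally opened to 0.0.0.0/0.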
