Questions tagged [security-groups]

164 questions
11 votes, 1 answer

Difference between security groups (on AWS) and iptables

I'm just setting up a server and wondering if it's necessary to set the firewall twice. For example, I have a security group with the following open ports: 80, 443, 22. Now I set up my server with UFW (frontend for iptables). Do I have to set my ports…
Nepo Znat
11 votes, 2 answers

What is a secure and user-friendly way to provide only a few users access to web app on Amazon EC2?

Situation: We have a web app hosted on Amazon EC2. It's intended to be used only by a few users in a company. How we're dealing with this: We share the (Elastic) IP address of the instance with the users. We add each user's IP address to the security…
9 votes, 4 answers

SSH between EC2 instances not permitted

I am setting up a few EC2 instances in a shared AWS account and want to give them access to each other. At the same time I want to prohibit access from other instances in the account. I created a security group and added SSH access from "My IP" for…
Fer Dah
8 votes, 1 answer

Managing Security Groups for NTFS Permissions

To start off with, I work for a company that a long time ago when they implemented file shares for each division, they also broke the cardinal rule of NTFS permissions and used explicit permissions for users on certain folders. To give an example of…
8 votes, 1 answer

Do we need both security groups and server-side firewall in AWS EC2?

EC2 security groups look awesome, but I am quite new to the AWS system, that's why I am asking this question. Do I also need to set up a server firewall while having an AWS security group? My main point is that in AWS system, do other account can access my…
7 votes, 3 answers

AWS Security Group - how to allow Public IP from another Security Group

I have two instances in a VPC in distinct security groups, each with their own public IP. I would like instance one to be able to connect to instance two on its public IP. I discovered that granting access to the security group only allows access to…
7 votes, 4 answers

Is it safe to allow inbound 0.0.0.0/0 on EC2 security group?

I created an EC2 instance on AWS, and I was assigned a default "security group". I understand that this acts as a virtual firewall for my server. I had trouble connecting into this EC2 instance using SSH, and it turned out that the issue was not…
6 votes, 2 answers

python boto3 allow ingress security groups

I am developing a simple Python script to add rules to security groups, and I am wondering what is the difference between the two methods available within boto3: authorize_security_group_ingress(**kwargs) and authorize_ingress(**kwargs)? The…
Tom
6 votes, 1 answer

Can't ping EC2 instance after enabling ICMP packets

I followed this guide to allow me to ping my EC2 instance. In my security group I have Custom ICMP Rule - IPv4, Echo Reply, N/A, Anywhere. However, it simply doesn't work. If I run ping ec2-X-X-X-X.ap-northeast-1.compute.amazonaws.com, or if I run…
5 votes, 1 answer

Why EC2 instance continues responding to a ping request after deleting the inbound security group rule?

While playing around with the AWS console, I tried the following: Launched an EC2 instance (public IP enabled) in the default VPC with the default security group and default subnet. EC2 launched in the default subnet with a public IP. Pinged the EC2…
5 votes, 1 answer

EC2 - should security groups be specialized and stacked?

I haven't been able to find any best practices for AWS security groups. I figure there are two approaches I could take, but I'm not sure on if there are any particular drawbacks to either one. Scenario 1: Define small, specialized security groups…
ffxsam
4 votes, 2 answers

Disable password complexity on Windows 2012 R2

I have a Windows Server 2012 R2 that is my domain controller. I want to disable the password complexity rule for a few users only. I have created a group (called Formation) in AD to identify these domain users. I have defined a GPO in an OU to…
3 votes, 3 answers

Assign default security group to Elastic Beanstalk instance

I have created an Elastic Beanstalk environment and I have a Rails app running, which is great. However, I am unable to assign it to the default security group. Current config: I have added a screenshot to this post showing the current security group…
3 votes, 1 answer

Apache server on EC2 responds on localhost but not public IP

I set up an AWS EC2 server and then Apache. It works fine. Cloned the AMI and shared it with another account. Spun up an instance on the new account and it seems to work fine. I can SSH to the new instance and get a shell. I can get HTTP response…
agentv
3 votes, 1 answer

Windows - Group Policy - Numerous Share Drives w/ Item-Level Targeting

Overview: We have been working on getting our numerous sites to map share drives for each user that needs access to their sites. We have no way of standardizing this from within their AD profile as some users move around a lot and end up not telling…