There are two different options for securing EC2 instances in AWS: Network ACLs and Security Groups. While ACLs secure subnets, Security Groups apply at the instance level (for example, between instances in a private subnet). If you want to secure your environment you must be careful about both of them.
In the cloud environment every instance serves a different need, so each one requires different ports to get its job done. At the same time, they also share similarities: if you work in a Linux environment the SSH port, on the Windows side RDP, or if you cluster your web servers, 443 or 80 should be open for them.
In this blog post I'll share how to attach two different Security Groups to your instances. If you are an Ansible guy like me, I think this configuration will make your code base better and simpler than before.
```yaml
# Valid with Ansible version 2.3

# All security groups in the VPC (registered for reference / debugging)
- ec2_group_facts:
    region: "{{VpcRegion}}"
    filters:
      vpc-id: "{{vpc_facts.vpcs[0].id}}"
  register: security_group_facts

# Look up the two groups we want on the instance, by name, inside the VPC
- ec2_group_facts:
    region: "{{VpcRegion}}"
    filters:
      group-name: "{{item}}"
      vpc-id: "{{vpc_facts.vpcs[0].id}}"
  with_items:
    - sg_Application_spesific
    - sg_CommonRules   # General rules for all similar type instances
  register: security_group_facts_again

- name: Show all security groups
  debug:
    var: security_group_facts_again
    verbosity: 3

# Build the list of our security group ids, e.g. [sg-XXX, sg-YYY]
- set_fact:
    security_group_ids:
      - "{{(security_group_facts_again.results|map(attribute='security_groups')|list)[0][0].group_id}}"
      - "{{(security_group_facts_again.results|map(attribute='security_groups')|list)[1][0].group_id}}"

- name: Instance security groups
  debug:
    var: security_group_ids
    verbosity: 3
```
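The set_fact above hard-codes the indices [0][0] and [1][0], so if one of the named groups does not exist in the VPC (or the name matches more than one group), the play either fails with an unhelpful index error or, worse, launches the instance with the wrong group attached. The following is an added example, not code from the original post: it keeps the same ec2_group_facts lookup but takes the group names from a list variable (instance_sg_names, an assumed name), asserts that every name resolved to exactly one group, and builds the id list for any number of groups instead of exactly two.

```yaml
# Added example: defensive variant of the lookup above.
# Assumes the variables VpcRegion and vpc_facts from the original play,
# plus a list variable instance_sg_names, e.g.:
#   instance_sg_names:
#     - sg_Application_spesific
#     - sg_CommonRules

- name: Look up each security group by name inside the VPC
  ec2_group_facts:
    region: "{{ VpcRegion }}"
    filters:
      group-name: "{{ item }}"
      vpc-id: "{{ vpc_facts.vpcs[0].id }}"
  with_items: "{{ instance_sg_names }}"
  register: sg_lookup

# Fail early, before any instance is spun up, if a name did not resolve
# to exactly one group in this VPC (missing group or ambiguous name).
- name: Verify every named security group exists exactly once
  assert:
    that:
      - item.security_groups | length == 1
    msg: "Security group '{{ item.item }}' not found (or ambiguous) in VPC {{ vpc_facts.vpcs[0].id }}"
  with_items: "{{ sg_lookup.results }}"

# results -> [[sg], [sg], ...] -> [sg, sg, ...] -> [sg-XXX, sg-YYY, ...]
- name: Build the list of security group ids for the instance
  set_fact:
    security_group_ids: "{{ sg_lookup.results
                            | map(attribute='security_groups')
                            | map('first')
                            | map(attribute='group_id')
                            | list }}"

- name: Instance security groups
  debug:
    var: security_group_ids
    verbosity: 3
```

The resulting security_group_ids fact is a plain list and can be passed to the ec2 module's group_id parameter exactly as in the original play; adding a third common group later is then a one-line change to instance_sg_names rather than another hard-coded index.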
```yaml
- name: Spin up instance
  ec2:
    ....
    ....
    ....
    ....
    ....
    group_id: "{{security_group_ids|list}}"   # attach both groups to the instance
    ....
    ....
    ....
```
That's all! You got the idea.
Now it's time to make your Infrastructure as Code more secure and easier to manage.