Page last modified 02:41, 12 Dec 2008 by matt

RightScale Support Wiki > Tutorials > Amazon Web Services (AWS) > Website Edition > Deployment Setup > Create a Security Group

Create a Security Group

1. Objective
2. Setup a Security Group

Objective

The security group defines which ports are opened in Amazon's firewall to allow incoming connections to your instance. For sub-accounts, the default group we provide allows ingress on the SSH, HTTP, and HTTPS ports. If you are using a direct account, the default security group created by Amazon does NOT allow any incoming connections. You will need to create a security group for your production instances.

NOTE: You can only create a security group with a Developer, Website, Grid, or Premium account. Windows Users should click here and follow those instructions.

Setup a Security Group

In the RightScale Dashboard, go to Clouds -> AWS -> Security Groups. By default, there is already a default user group listed. But, you'll need to create a custom security group to handle your production deployment.

Click the New button.

Call the Group Name production and add a brief description. Click Create.

We will need to open two ports to provide access to any instances that are in this security group. To open a port, go to "Add IPs" and enter the port numbers that you want to open.

Enter the following port numbers and click Add.

Open a port for 22. You need to open this port so that you can SSH into your instance and to also provide access for the Dashboard to interface with your instance.
Open a port for 80. You need to open this port so that you can access your web application via a web browser.
Make sure that the TCP IPs is set to 0.0.0.0/0 and not 0.0.0.0/32.

If you need ssl, you'll probably want to add port 443. If there are other services that need to be publicly accessible, you'll also need to create the appropriate open ports.

AWS provides a feature that allows you to grant access to a specfic security group without allowing access to the rest of the world. However, it's important that machines within the production security group are able to access each other.

To grant them access, enter production in the “Add Group” section and click Add.

Congratulations! You created a Security Group that you can use for your "production" deployment where you've defined two open ports (22 and 80) and a "production" group that has private access to the deployment. Anyone who is not a member of the "production" group will not be able to access the site.

----------------------

Did you find this document helpful? Please feel free to leave us a comment below so that we'll know how we can improve our documentation. Thanks!

Retrieved from "http://wiki.rightscale.com/1._Tutorials/02-AWS/02-Website_Edition/2._Deployment_Setup/1._Create_a_Security_Group"

Tag page
What links here

Files 0

Attach file or image

Images 6

Viewing 1 - 6 of 6 images | View All

Security Group Home
01-securi... Actions

All Permissions

06-securi... Actions

Production Group

05-securi... Actions

Add port 22

03-securi... Actions

Add port 80

04-securi... Actions

Create a Security Group
02-securi... Actions

Viewing 3 of 3 comments: view all

haroldship says:

I'm confused about the "group". It says above "Anyone who is not a member of the "production" group will not be able to access the site."

How do I manage this group? E.g. how do I add users?

Posted 10:09, 18 Aug 2008

danlunde says:

What IP range can I use so that I can access the instance via the RightScale SSH Console, but not open SSH to any IP?

Posted 20:59, 17 Oct 2008

jasonbedell says:

danlunde, you need to find out what IP address range you appear to come from on the internet. If you are trying from a home/office that receives an IP from DHCP, you will need to try and narrow down the network ID portion of your address over time. It is common to leave SSH open from all IP's however.

Posted 20:23, 22 Oct 2008