Lab 002: Create Security Group
Requirements
The Nautilus DevOps team is planning to migrate part of their infrastructure to the AWS cloud. Given the scale of the undertaking, they have chosen to migrate in incremental steps rather than in a single large transition, splitting big tasks into smaller, more manageable units. This lets the team progress phase by phase with better control, risk mitigation and use of resources, while minimizing disruption to ongoing operations.
For this task, create a security group under the default VPC with the following requirements:
- The name of the security group is nautilus-sg.
- The description must be Security group for Nautilus App Servers.
- Add an inbound rule of type HTTP (TCP port 80) with source CIDR 0.0.0.0/0.
- Add another inbound rule of type SSH (TCP port 22) with source CIDR 0.0.0.0/0.
The solution can be implemented using both the AWS Cloud Console and the AWS CLI. This document outlines the CLI-based approach to accomplish these tasks. It is recommended to first explore the AWS Cloud Console for hands-on experience and a practical understanding of the process before utilizing the CLI approach, unless specifically instructed otherwise.
Prerequisites
- AWS CLI is installed and authenticated on the aws-client host.
- If credentials are not configured, run showcreds on the host.
- A default VPC exists in the active region.
Steps
SG_NAME="nautilus-sg"
SG_DESCRIPTION="Security group for Nautilus App Servers"
# Discover the default VPC id. In JMESPath a bare `true` is an identifier (a field
# lookup that yields null), so the boolean literal must be backtick-quoted; single
# quotes around the expression keep the shell from treating the backticks as
# command substitution. With --output text an empty result prints "None".
DEFAULT_VPC_ID=$(aws ec2 describe-vpcs \
  --query 'Vpcs[?IsDefault==`true`].VpcId | [0]' --output text)
[ "$DEFAULT_VPC_ID" != "None" ] || { echo "no default VPC in this region" >&2; exit 1; }
# Create the security group and capture its id straight from the response
# (create-security-group returns {"GroupId": "sg-..."}), so no second lookup is needed
SECURITY_GROUP_ID=$(aws ec2 create-security-group \
  --group-name "$SG_NAME" \
  --description "$SG_DESCRIPTION" \
  --vpc-id "$DEFAULT_VPC_ID" \
  --query GroupId --output text)
echo "created $SECURITY_GROUP_ID in $DEFAULT_VPC_ID"
# Add inbound HTTP (TCP 80) from anywhere
aws ec2 authorize-security-group-ingress \
  --group-id "$SECURITY_GROUP_ID" \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0
# Add inbound SSH (TCP 22) from anywhere, as the lab requires. Outside a lab,
# restrict the source to an admin CIDR or a bastion's security group (--source-group):
# a world-open port 22 is the first thing Internet scanners probe.
aws ec2 authorize-security-group-ingress \
  --group-id "$SECURITY_GROUP_ID" \
  --protocol tcp \
  --port 22 \
  --cidr 0.0.0.0/0
Verification
- Confirm the security group nautilus-sg exists in the default VPC.
- Confirm both inbound rules are present: TCP 80 and TCP 22 from 0.0.0.0/0.
# --group-names resolves names only in the default VPC; for a group in any other
# VPC use --group-ids or --filters Name=group-name,Values=... Name=vpc-id,Values=...
aws ec2 describe-security-groups \
  --group-names nautilus-sg \
  --query "SecurityGroups[0].{GroupName:GroupName,Description:Description,Ingress:IpPermissions}" \
  --output json
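Reading the Ingress array by eye works for two rules but not for a fleet of groups, so the following added example (not part of the lab material) audits the JSON that the describe command above prints: it checks the name and description, diffs the flattened ingress rules against the lab's required set, and flags any rule that exposes an admin port (22 or 3389) to 0.0.0.0/0 or ::/0, which is the finding a reviewer would raise about this lab's SSH rule. The embedded sample output is constructed to match the shape of describe-security-groups responses and is not captured from a real account; the GroupId in it is a placeholder.

```python
import json

# Constructed sample modelled on the JSON shape that
# `aws ec2 describe-security-groups --group-names nautilus-sg --output json`
# prints; not captured from a real account. The GroupId is a placeholder.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [{
        "GroupName": "nautilus-sg",
        "Description": "Security group for Nautilus App Servers",
        "GroupId": "sg-0123456789abcdef0",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []},
        ],
    }]
})

# The lab's required inbound rules as (protocol, from_port, to_port, source).
REQUIRED_INGRESS = {
    ("tcp", 80, 80, "0.0.0.0/0"),
    ("tcp", 22, 22, "0.0.0.0/0"),
}
ADMIN_PORTS = {22, 3389}                 # SSH, RDP
WORLD_SOURCES = {"0.0.0.0/0", "::/0"}    # "anywhere" in IPv4 and IPv6


def flatten_ingress(permissions):
    """Expand IpPermissions into a set of (proto, from, to, source) tuples.

    One IpPermissions entry can carry several sources (IPv4 CIDRs, IPv6 CIDRs,
    other security groups, prefix lists), so each source becomes its own rule.
    FromPort/ToPort are absent for IpProtocol "-1" (all traffic); None is kept.
    """
    rules = set()
    for p in permissions:
        proto, lo, hi = p["IpProtocol"], p.get("FromPort"), p.get("ToPort")
        sources = (
            [r["CidrIp"] for r in p.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in p.get("UserIdGroupPairs", [])]
            + [pl["PrefixListId"] for pl in p.get("PrefixListIds", [])]
        )
        for src in sources:
            rules.add((proto, lo, hi, src))
    return rules


def covers_port(rule, port):
    """True if the rule admits TCP traffic to `port`; all-traffic rules count."""
    proto, lo, hi, _ = rule
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return lo <= port <= hi


def audit_security_group(describe_output, name, description, required):
    """Check describe-security-groups JSON text against the lab's requirements.

    Returns a dict: whether the group was found, whether its description
    matches, which required rules are missing, which present rules are not
    required, and which rules expose an admin port to the whole Internet.
    """
    groups = json.loads(describe_output).get("SecurityGroups", [])
    match = [g for g in groups if g.get("GroupName") == name]
    if not match:
        return {"found": False, "description_ok": False, "missing": set(required),
                "extra": set(), "world_open_admin": []}
    sg = match[0]
    actual = flatten_ingress(sg.get("IpPermissions", []))
    world_open_admin = sorted(
        (r for r in actual
         if r[3] in WORLD_SOURCES and any(covers_port(r, p) for p in ADMIN_PORTS)),
        key=repr,
    )
    return {
        "found": True,
        "description_ok": sg.get("Description") == description,
        "missing": set(required) - actual,
        "extra": actual - set(required),
        "world_open_admin": world_open_admin,
    }


if __name__ == "__main__":
    # Pipe real output instead: aws ec2 describe-security-groups ... | python3 audit.py
    result = audit_security_group(SAMPLE_DESCRIBE_OUTPUT, "nautilus-sg",
                                  "Security group for Nautilus App Servers",
                                  REQUIRED_INGRESS)
    print(json.dumps(result, default=list, indent=2))
```

Against the sample the lab passes (nothing missing, nothing extra) and world_open_admin reports the TCP 22 rule, which is expected here but is the line to tighten before the group ever fronts a real instance.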
Cleanup
# Optional cleanup. --group-name only resolves in the default VPC (use --group-id
# elsewhere), and the call fails with DependencyViolation while any instance or
# network interface still references the group, so detach those first.
aws ec2 delete-security-group --group-name nautilus-sg