I prefer to use Security Groups to protect EC2 from external communication.
I can't find the documentation, but EC2 status checks should work fine even if all packets are dropped using iptables. However, I don't know about other services.
Hi Shibata. Thanks for your reply!
Security Groups is not a bad option, but it can't replace IPTABLES in full. It's only possible to create complex rules (using states and expressions) with IPTABLES.
It's not clear to me whether IPTABLES rules prevent any AWS functionality from working.
So far, I think I should combine both IPTABLES and Security Groups.
For example, on Security Groups I would allow traffic on 22 and 3306 ports. On IPTABLES I would allow all traffic, but drop those with bad flags.
In other words, on Security Groups I could configure what is allowed and on IPTABLES I could configure how it's allowed.
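
The split described in the reply above, as an added example that is not part of the original posts: ports 22 and 3306 are left to the Security Group, while the host firewall keeps an ACCEPT policy and only drops TCP packets with invalid flag combinations. The function name `build_rules` and the `check`/`apply` arguments are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: emit an iptables-restore ruleset that accepts all traffic by
# default and drops only malformed TCP. Which ports are reachable at all is
# decided by the Security Group, not by these rules.
build_rules() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Packets that conntrack cannot associate with any valid connection
-A INPUT -m conntrack --ctstate INVALID -j DROP
# No flags set (null scan) / every flag set (xmas scan)
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Flag pairs that never appear together in a legitimate segment
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
# A new TCP connection must start with a plain SYN
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# OUTPUT is left untouched, so traffic the instance itself initiates
# is not filtered by this ruleset.
COMMIT
EOF
}

# Nothing touches the live firewall unless an argument is given.
# "check" parses the ruleset without committing it; "apply" loads it (needs root).
case "${1:-}" in
  check) build_rules | iptables-restore --test ;;
  apply) build_rules | iptables-restore ;;
esac
```

Run it with `check` first and keep a second session open when using `apply`, since `iptables-restore` replaces the existing filter table.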