Create Security Group-EC2

Create Security Group

  • A security group is a virtual firewall that controls which traffic from outside (for example, the internet) is allowed to reach resources in the cloud.
  • We will create a security group for the EC2 instance (Bastion-host)
    • Click Create a Security Group
    • Security Group name: d-sg-bastion-host
    • Description: Allow ssh from internet
    • VPC: d-vpc-01-vpc (Specify VPC for SG)
  • Inbound rules
    • Type: SSH
    • Protocol: TCP
    • Port range: 22
    • Source: Anywhere
    • Description: allows ssh from internet

Completed Security Group for EC2

Launch EC2 (Bastion-host)

  • Create an EC2 instance so you can pull source code from GitHub and push Docker images to AWS ECR.
  • Name and tags
    • Key: Name
    • Value: d-ec2-bastion-host
    • Resource types: Instance
    • Amazon machine images: Amazon Linux 2023 AMI
    • Instance type: t2.micro
    • Key pair (login): linux.aws-test
  • Network settings
    • VPC: d-vpc-01-vpc
    • Subnet: d-vpc-01-subnet-public-ap-southeast-1a
    • Auto assign public IP: Enable
    • Firewall (security group): Select existing security group
    • Common security group: d-sg-bastion-host
    • Click Launch instance

Modify IAM role for EC2 (Bastion-host)

  • Click EC2 => Action => Security => Modify IAM role
  • Modify IAM role
    • Instance ID: d-ec2-bastion-host
    • IAM role: IAM-role-allow-EC2-Access-to-ECR
    • Update IAM role