Firewalls in Amazon EC2 : iptables and security group

Amazon EC2 iptables

Amazon Web Services offers Amazon Elastic Compute Cloud service, also known as Amazon EC2. According to AWS Definition:
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud.  It is designed to make web-scale computing easier for developers.
Yes Amazon EC2 is a cloud computing service offering scalable, pay as you go service. And it can be launched from amazon web console. Once an Amazon EC2 instance is created first thing we might want to do is open ports so that the Amazon EC2 will be accessible. By default, the Amazon EC2 instance is accessible by SSH. But ports for http, https, smtp, pop, imap are not open by default in Amazon EC2. Here in this post we will learn how to open http port 80.

Amazon EC2 has a two level of security. One is maintained form the amazon ec2 console. And the other is on the instance itself. Here in this post our EC2 instance is a Linux based instance. So we are more focused on Linux system administration rather than other windows.

Before we open port 80, first lets install Apache so that we can see html files served by apache. For that use your favorite package installer. Now if you try to use the public DNS for the Amazon EC2 instance to access the page served by your page then your won't be able to access. To make this accessible, follow the following steps:

Open /etc/sysconfig/iptables file using the command:
vi /etc/sysconfig/iptables 
and add the following line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
save the file and now restart iptables service using the command:
 service iptables restart 
This will open the port of Amazon EC2. Yet we can't access the port. There's one more security level maintained from amazon console. It is the security group the Amazon EC2 has. In the security group, edit the security group and add inbound rule http.

This will now open the port 80 and and now us the public DNS of the Amazon EC2 to access the page served by Apache.

Comments

  1. UnknownMarch 21, 2016 at 2:08 AM

    You can't do this.

    Verify that your Security Group is "attached" to your instance.

    Go to instance, Acions > Networking > Change Security Groups

    ReplyDelete
  2. AnonymousMarch 28, 2016 at 12:35 PM


    Really very nice blog information for this one and more technical skills are improve,i like that kind of post.

    cloud-computing Training in Chennai

    ReplyDelete
  3. UnknownApril 27, 2016 at 4:47 PM

    This comment has been removed by a blog administrator.

    ReplyDelete

Post a Comment

Popular posts from this blog

Automate file upload in Selenium IDE

Image
Selenium IDE is an integrated development environment for Selenium tests. It records your interactions with websites to help you generate and maintain site automation, tests, and remove the need to manually step through repetitive tasks. Selenium IDE can be installed in Google Chrome from  here . For Firefox visit this  link . File upload in Selenium IDE cannot be automated simply by recording from the IDE. Because when we select the file input field, the dialog that opens up is a system window which cannot be controlled by Selenium IDE. Therefore, clicking the input file field to select a file will not work. Also the selected file path is changed to C:\fakepath\filename.extension. So to fix this issue, we need to configure the browser to support file upload and then instead of clicking the input field we set the file using ‘type’ selenium command which is shown below. First, to support file upload in Selenium IDE, configure your browser to support file upload: Visit ‘chrome://
Read more

How To Install and Configure Nextcloud

Image
  Original post: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-nextcloud-on-ubuntu-20-04 Step 1 – Installing Nextcloud We will be installing Nextcloud using the  Snap  packaging system. This packaging system, available on Ubuntu 20.04 by default, allows organizations to ship software, along with all associated dependencies and configuration, in a self-contained unit with automatic updates. This means that instead of installing and configuring a web and database server and then configuring the Nextcloud app to run on it, we can install the  snap  package which handles the underlying systems automatically. To download the Nextcloud snap package and install it on the system, type: sudo snap install nextcloud Copy The Nextcloud package will be downloaded and installed on your server. You can confirm that the installation process was successful by listing the changes associated with the snap: snap changes nextcloud Copy Output ID Status Spawn
Read more