This lab demonstrates how to lock down security group access to the AppServer through a bastion host using SSM.
Level
Fundamental
Duration
1 Hour 0 Minutes
Course Objectives
In this course, you will learn how to:
- Examine security groups and determine what traffic is allowed
- Change which security groups are applied to Amazon EC2 instances
- Update security groups to follow the principle of least privilege
- Understand how security groups can reference other security groups
- Understand how to leverage Session Manager to connect to instances
Intended Audience
This course is intended for:
- Architects
- Security Engineers
Prerequisites
We recommend that attendees of this course have the following prerequisites:
- Access to a notebook computer with Wi-Fi and Microsoft Windows, macOS, or Linux (Ubuntu, SuSE, or Red Hat)
**Note** The lab environment is not accessible using an iPad or tablet device, but you can use these devices to access the student guide.
- For Microsoft Windows users: Administrator access to the computer
- An internet browser such as Chrome, Firefox, or Internet Explorer 9 (previous versions of Internet Explorer are not supported)
- Optional: An SSH client such as PuTTY
Course Outline
- Task 1: Inspect VPC resources and the AppServer
- Task 2: Test SSH connectivity to AppServer from public instances
- Task 3: Restrict SSH access to AppServer from a specific IP address
- Task 4: Restrict SSH access by referencing a security group as the inbound source