AWS EC2 Security Groups and Elastic IPs

UpdatedSeptember 16, 2025

•2 min read

Part of seriesDocumenting DevOps Learning Journey

Concepts Covered

1. Security Groups – The AWS Firewall

Security Groups act as virtual firewalls for your EC2 instances. Today, I manually configured inbound and outbound rules for different use cases:

Allowed SSH (port 22) only from my personal IP – instead of 0.0.0.0/0, which I had used earlier (😬 bad practice).
Allowed HTTP (port 80) access from anywhere (0.0.0.0/0) since I want the public to access my deployed web server.
Outbound rules were kept open (default), but noted how we can restrict them for more secure applications.

Troubleshoot Moment:
Initially, I couldn’t SSH into the instance even after configuring the key pair correctly. After double-checking, I realized my local IP had changed (thanks to switching networks), so I updated the security group’s SSH rule with the new IP.

2. Elastic IP – Making Public Access Persistent

Every time an EC2 instance is stopped and restarted, its public IPv4 address changes unless an Elastic IP (EIP) is attached.

To solve this:

Allocated an Elastic IP from the AWS Console.
Associated it with my running EC2 instance.
Now, I can consistently access the instance even after reboots.

Lesson: Always use Elastic IPs for resources that need persistent public access (especially in demo or production environments).

What I Did – Step-by-Step

Launched a t2.micro Ubuntu EC2 instance.
Created a custom security group with:
- SSH: My IP only.
- HTTP: Open to all.
Connected using SSH via terminal.
Installed Apache and tested with a browser.
Allocated and attached an Elastic IP.
Rebooted the instance to verify that the IP remained the same.

Security Note

Avoid keeping port 22 (SSH) open to all IPs (0.0.0.0/0). It’s a major security risk. Use:

Your specific IP (get it from https://whatismyipaddress.com/)
Or better: Set up a bastion host (future topic).

Final Thoughts

Today’s session reminded me how basic networking and access control can either secure or expose your entire cloud environment. It’s not about clicking launch on EC2 — it’s about launching it responsibly.

#ec2

Comments

Join the discussion

No comments yet. Be the first to comment.

Documenting DevOps Learning Journey

Part 12 of 40

In this series, I document my day-by-day DevOps learning journey by building projects using AWS, Docker, Kubernetes, Terraform, and CI/CD, and sharing lessons, challenges, and practical insights along the way.

Up next

Linux Fundamentals for DevOps: User Management, File Operations & Navigation

Introduction Linux is the foundation of most modern DevOps workflows. From managing cloud servers to automating deployments, a DevOps engineer interacts with Linux daily — often without a graphical interface. Mastering these fundamentals isn’t just a...

More from this blog

Transforming DevOps: Building a Production-Ready CI/CD Pipeline

A hands-on story of breaking things, learning, and automating a React app deployment to AWS I built a fully automated CI/CD pipeline that takes a React application from code commit to production deployment on AWS in under 10 minutes. Along the way, I...

Feb 7, 20269 min read

Building a Full-Stack Cricket with Docker Compose deployed on AWS instance

Introduction Today, I'm excited to share how I built a complete full-stack application from scratch using Docker, Node.js, Express, and MySQL. This project is perfect for anyone looking to understand Docker Compose, multi-container applications, and ...

Nov 10, 20259 min read

🚀 Building a Production-Ready Movie Ticketing Platform: A Complete DevOps Journey

From Manual Deployments to Automated CI/CD: How I Built and Deployed BookMyShow Clone on AWS EKS with Zero Downtime 🎯 Introduction Hey there! 👋 Have you ever wondered what it takes to deploy a real-world application with enterprise-grade DevOps p...

Nov 8, 202519 min read

Building a Production-Ready Movie Ticketing Platform with DevOps: A Complete Guide

From Code to Cloud: Deploying BookMyShow Clone with Jenkins, Docker, Kubernetes, and AWS EKS 🎯 Introduction In this comprehensive guide, I'll walk you through building and deploying a production-grade movie ticketing platform using modern DevOps p...

Nov 8, 202519 min read

Building and Deploying a Netflix-Themed Multi-Container Project with Docker Compose

Goal To containerize four simple web pages (Movies, Documentaries, Animations, Webseries) and orchestrate them using Docker Compose, all running on my AWS EC2 instance. Project Structure netflix-docker-compose/ ├── Dockerfile ├── docker-compose.yml ...

Nov 3, 20252 min read

Documenting My DevOps Journey

40 posts

Command Palette