CFDDFC on AWS: Configure a Security Group

Security Group Overview

A security group acts as a virtual firewall for EC2 instances which controls incoming and outgoing traffic. Inbound rules control the incoming traffic to an instance, and outbound rules control the outgoing traffic from an instance. Users must configure a security group with inbound rules that provide access to their instances running CFDDFC. Security groups are specific to the region selected within EC2. This page describes the configuration of one or more security groups that can be reused for the instances they launch.

Security Group Configuration

Inbound Rule for SSH connections

• Under Inbound Rules, click Add Rule.
• From the Type menu, select SSH which opens traffic on port 22.
• From the Source menu, the user can choose from the following two options.
• Either Anywhere IPv4 which supports connections from computers with any public IP address.
• Or My IP, which restricts connections only to the user’s current public IP address, displayed in CIDR notation as <IP address>/32.

Note: Anywhere IPv4 is not insecure since all connections still require authentication, e.g. using key-pairs.

Inbound Rule for Browser Desktop with Web CFDDFC

• With Web CFDDFC, the Browser Desktop connects via port 8443.
• To use the Browser Desktop, click Add Rule.
• Use Custom Rule and under Port Range enter 8443.
• From the Source menu, choose the IP range as in the SSH Rule above.

Finish

• With the Rules set, click Create Security Group at the bottom of the screen.
• If necessary, the Security Group can be edited at any time to modify the Rules.

Further information

See the Amazon EC2 security groups for Linux instances.

Next Step → Create an SSH Key Pair