AWS Security Groups
Tue, Jul 18, 2017
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.
Security Groups vs. IAM Groups
There is no relation between a security group and an IAM group; they have nothing to do with each other.
- Security Groups: Security groups are like a firewall for your EC2 instances. They determine: (a) which computers can connect to your EC2 instance, and (b) on which ports other computers can connect. For example, they say that the world can connect to your HTTP port, or that only your local computer can SSH into the EC2 instance. The security groups say nothing about which people can connect to your EC2 instance.
- IAM Groups: IAM Groups are a way of grouping IAM users and IAM roles. Permissions given to an IAM Group are passed on to their group members (users and roles). The IAM permissions given to an IAM Group (or IAM user or IAM role) determine which AWS API commands can be executed using the AWS CLI or any of the many AWS SDKs.
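The security group bullet above (HTTP open to the world, SSH only from your local computer) can be modelled as data and evaluated, which makes it visible that the decision depends only on source address, protocol and port. This is an added example, not code from the original post; the function names, the sample addresses and the `expected_ports` default are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: inbound rules in the IpPermissions shape that
# `aws ec2 describe-security-groups` returns. 203.0.113.10 is a documentation
# address standing in for "your local computer".
INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]


def is_allowed(permissions, src_ip, port, protocol="tcp"):
    """True if any rule allows the connection; rules are allow-only, so
    unmatched traffic is dropped. No user identity is part of the decision."""
    src = ipaddress.ip_address(src_ip)
    for rule in permissions:
        if rule["IpProtocol"] not in (protocol, "-1"):  # "-1" means all protocols
            continue
        if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        for rng in rule.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"]):
                return True
    return False


def world_open(permissions, expected_ports=(80, 443)):
    """List (protocol, from, to) for rules open to 0.0.0.0/0 outside expected_ports."""
    findings = []
    for rule in permissions:
        open_to_world = any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", []))
        if not open_to_world:
            continue
        if rule["IpProtocol"] == "-1":
            findings.append(("all", None, None))
        elif not (rule["FromPort"] == rule["ToPort"] and rule["FromPort"] in expected_ports):
            findings.append((rule["IpProtocol"], rule["FromPort"], rule["ToPort"]))
    return findings


if __name__ == "__main__":
    for ip, port in [("198.51.100.7", 80), ("198.51.100.7", 22), ("203.0.113.10", 22)]:
        print(ip, port, "allow" if is_allowed(INBOUND, ip, port) else "drop")
    print("unexpected world-open rules:", world_open(INBOUND))
```

`world_open` is the audit side of the same model: it reports any rule that exposes something other than the expected web ports to every address, such as SSH opened to `0.0.0.0/0`.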