Accidentally changed or deleted a security group rule? It happens, and it can cut off critical access fast. 22-time Microsoft MVP Brien Posey explains how to recover from an unintended Amazon Web Services (AWS) Security Group modification, whether you have AWS Config enabled or need to rely on CloudTrail logs. Learn how to identify the change, restore access safely, and prevent it from happening again: https://lnkd.in/dkbSm-Ca #AWS #CloudSecurity #SecurityGroups #CloudTrail #IncidentResponse
How to recover from accidental AWS Security Group changes
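The CloudTrail path described above, as an added example that is not code from the linked article: it filters CloudTrail records for the EC2 security-group mutation APIs on one group, skips calls that failed, and for each successful change emits the parameters of the inverse call. The records, the group ID `sg-0123456789abcdef0`, the user `alice` and the account number are constructed for illustration; the field layout follows the CloudTrail event schema for `ec2.amazonaws.com`, where `requestParameters` carries the nested `{"items": [...]}` form the EC2 API uses.

```python
"""Plan the rollback of an accidental security-group change from CloudTrail records.

Added example, not code from the linked article. Sample records below are constructed.
"""
import json
import re
from datetime import datetime, timezone

# Each mutating call paired with the API that undoes it.
INVERSE = {
    "AuthorizeSecurityGroupIngress": "RevokeSecurityGroupIngress",
    "RevokeSecurityGroupIngress": "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress": "RevokeSecurityGroupEgress",
    "RevokeSecurityGroupEgress": "AuthorizeSecurityGroupEgress",
}


def _record(when, name, group, proto, cidr, port=None, error=None):
    """Build a constructed CloudTrail record in the shape ec2.amazonaws.com emits."""
    perm = {"ipProtocol": proto, "ipRanges": {"items": [{"cidrIp": cidr}]}}
    if port is not None:                      # protocol "-1" (all traffic) carries no ports
        perm.update(fromPort=port, toPort=port)
    rec = {
        "eventTime": when, "eventName": name, "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
        "requestParameters": {"groupId": group, "ipPermissions": {"items": [perm]}},
    }
    if error:
        rec["errorCode"] = error
    return rec


SG = "sg-0123456789abcdef0"   # hypothetical group ID
# Constructed timeline: SSH opened to the world at 10:02, the HTTPS rule for the
# office range removed at 10:05, a failed revoke, then a change on another group.
SAMPLE_RECORDS = [
    _record("2024-05-01T10:02:17Z", "AuthorizeSecurityGroupIngress", SG, "tcp", "0.0.0.0/0", port=22),
    _record("2024-05-01T10:05:41Z", "RevokeSecurityGroupIngress", SG, "tcp", "10.0.0.0/8", port=443),
    _record("2024-05-01T10:06:02Z", "RevokeSecurityGroupIngress", SG, "tcp", "0.0.0.0/0", port=80,
            error="Client.InvalidPermission.NotFound"),
    _record("2024-05-01T10:07:00Z", "AuthorizeSecurityGroupIngress", "sg-0fedcba9876543210", "-1", "10.0.0.0/8"),
]


def _convert_permissions(ip_permissions):
    """Translate CloudTrail's nested {'items': [...]} form into boto3/CLI IpPermissions."""
    result = []
    for perm in ip_permissions.get("items", []):
        entry = {"IpProtocol": perm["ipProtocol"]}
        if "fromPort" in perm:
            entry["FromPort"] = perm["fromPort"]
        if "toPort" in perm:
            entry["ToPort"] = perm["toPort"]
        ranges = [{"CidrIp": r["cidrIp"]} for r in perm.get("ipRanges", {}).get("items", [])]
        if ranges:
            entry["IpRanges"] = ranges
        v6 = [{"CidrIpv6": r["cidrIpv6"]} for r in perm.get("ipv6Ranges", {}).get("items", [])]
        if v6:
            entry["Ipv6Ranges"] = v6
        pairs = [{"GroupId": g["groupId"]} for g in perm.get("groups", {}).get("items", []) if "groupId" in g]
        if pairs:
            entry["UserIdGroupPairs"] = pairs
        result.append(entry)
    return result


def plan_rollback(records, group_id, since=None):
    """Return the inverse of every successful rule change on group_id, newest first."""
    plans = []
    for rec in records:
        name = rec.get("eventName")
        if name not in INVERSE or rec.get("errorCode"):   # not a rule change, or it failed
            continue
        params = rec.get("requestParameters") or {}
        if params.get("groupId") != group_id:
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if since is not None and when < since:
            continue
        identity = rec.get("userIdentity", {})
        plans.append({
            "eventTime": rec["eventTime"],
            "actor": identity.get("arn", identity.get("type", "unknown")),
            "sourceIPAddress": rec.get("sourceIPAddress"),
            "eventName": name,
            "inverse": INVERSE[name],
            "GroupId": group_id,
            "IpPermissions": _convert_permissions(params.get("ipPermissions", {})),
        })
    plans.sort(key=lambda p: p["eventTime"], reverse=True)   # undo the latest change first
    return plans


def to_cli(plan):
    """Render one rollback step as an AWS CLI command so it can be reviewed before it runs."""
    op = re.sub(r"(?<!^)(?=[A-Z])", "-", plan["inverse"]).lower()
    perms = json.dumps(plan["IpPermissions"], separators=(",", ":"))
    return f"aws ec2 {op} --group-id {plan['GroupId']} --ip-permissions '{perms}'"


if __name__ == "__main__":
    for step in plan_rollback(SAMPLE_RECORDS, SG):
        print(f"{step['eventTime']} {step['actor']} {step['eventName']} -> {to_cli(step)}")
```

Real records come from `aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceName,AttributeValue=<sg-id>` (each entry's `CloudTrailEvent` field is the JSON string this code expects; event history covers the last 90 days) or from the trail's objects in S3 (the `Records` array). Review the generated commands before running them: a rule that someone else legitimately added inside the window would be reverted along with the accident. When AWS Config is enabled the configuration-item history already holds the complete prior rule set, so restoring from it is simpler than replaying CloudTrail.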
AWS Security Groups: The Firewall of the Cloud

One of the most important parts of AWS networking is Security Groups: the rules that control who and what can talk to your instances. Think of them as virtual firewalls for your EC2s. They decide what’s allowed in and what’s allowed out.

Here’s what stood out for me:
🔸 They only use allow rules: anything not explicitly allowed is automatically blocked.
🔸 Inbound rules: define what traffic can reach your instance.
🔸 Outbound rules: define what your instance can talk to.
🔸 And importantly, they’re stateful: if traffic is allowed in, the response traffic is automatically allowed out.

Example: If you’re running a web server, you’d open port 80 (HTTP) or 443 (HTTPS), but keep everything else locked down. Simple, clear, and secure.

Security Groups are one of those foundational AWS features that look simple at first but become crucial as you build more complex systems.

#aws #security #devops #cloud #CoderCo
Security is often overlooked—until a breach exposes its importance. This reactive mindset is risky and costly. In my latest article, I discuss how to proactively secure your AWS resources using AWS Identity and Access Management (IAM), a free service that allows you to manage and control access to your AWS environment with precision and confidence. Big shout out to AWS USER GROUP YAOUNDE Paula Ali Wakabi (Miss Cloud) Women innovating With Cloud in Africa for the #12WEEKSAWSHandsOnChallenge to innovate and master AWS. https://lnkd.in/dRKzSfmb
🚀 Day 31/98 - AWS CloudTrail Overview

Today, I learned about AWS CloudTrail, a powerful service that helps you monitor and audit all activities in your AWS environment.

🔍 Key Takeaways:
• Tracks and records every API call across AWS services.
• Stores logs in Amazon S3 or CloudWatch for easy access.
• Enhances security, compliance, and accountability.
• Detects unusual behavior and supports forensic investigations.

In short, CloudTrail gives you full visibility into everything happening in your AWS account - ensuring your infrastructure stays secure and transparent.

#CloudComputing #AWS #LearningJourney #AWSCloudTrail #CloudSecurity #100DaysOfCloud
When many companies, especially in the financial sector, depend on a single cloud provider like AWS, it creates a concentration risk, even with a multi-cloud approach that includes AWS. While AWS provides a robust security framework and tools, the sheer volume of dependencies means that a significant AWS security issue can have a widespread and cascading effect across its customer ecosystem. Source: https://lnkd.in/g4gs4BPM
🔐 Deep Dive into AWS VPC Components: Security Group & NACL

Hello everyone 👋 In our previous discussion, we explored the core of AWS networking—the Virtual Private Cloud (VPC)—in depth. Now, let’s zoom into two critical components that govern traffic control within a VPC:

🛡️ 1. Security Groups
Security Groups act as virtual firewalls at the instance level, controlling inbound and outbound traffic.
🔧 Key Operations:
- Associate with EC2 Instance: You can attach one or more security groups during instance launch or modify them later.
- Edit Inbound/Outbound Rules: Define allowed protocols, ports, and IP ranges. Rules are stateful, meaning return traffic is automatically allowed.
- Create Custom Security Groups: Tailor rules for specific workloads or environments.

🚧 2. Network Access Control Lists (NACLs)
NACLs operate at the subnet level, offering an additional layer of traffic filtering.
🔧 Key Operations:
- Associate with Subnet: Each subnet can be linked to a single NACL.
- Edit Allow/Deny Rules: Explicitly define both allow and deny rules for inbound and outbound traffic. NACLs are stateless, so return traffic must be explicitly allowed.
- Create Custom NACLs: Build granular access policies for public/private subnets.

🔍 Security Group vs NACL: What’s the Difference?

#AWSCertified #RHCSA #AWSCloud #LinuxAdmin #DevOpsEngineer #CloudComputing #ShellScripting #InfrastructureAsCode #AutomationExpert
Terraform plan looks good... but is it secure?

A passing plan doesn't mean a secure infrastructure. Misconfigurations are the #1 cause of cloud breaches, and they are often hidden in "valid" IaC code:
❌ An unencrypted S3 bucket.
❌ A public-facing security group on port 22.
❌ An overly permissive IAM role.

By the time these are deployed, it might be too late. This is why we advocate for "shifting left." By integrating policy-as-code tools like Checkov directly into the CI/CD pipeline, we can automatically scan and fail builds before insecure infrastructure is ever created.

At TECH HIVE WORLD, we don't just build; we build securely from the first line of code.

#TechHiveWorld #DevSecOps #CloudSecurity #Terraform #Checkov #AWS #CI
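A minimal policy-as-code gate of the kind the post argues for, as an added example (this is not Checkov and not TECH HIVE WORLD's pipeline): it reads the JSON that `terraform show -json tfplan` emits and fails the build on the three findings the post lists, an admin port open to the world in a security group, an IAM policy statement allowing `*` on `*`, and an S3 bucket with no server-side encryption configuration resource. `SAMPLE_PLAN`, its resource addresses and bucket names are constructed for illustration and contain only the `planned_values` subtree the checks read.

```python
"""Policy-as-code gate over a Terraform plan, run in CI before `terraform apply`.

Added example, not Checkov. SAMPLE_PLAN is a constructed planned_values subtree.
"""
import json
import sys

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}
IAM_POLICY_TYPES = {"aws_iam_policy", "aws_iam_role_policy", "aws_iam_user_policy", "aws_iam_group_policy"}


def iter_resources(module):
    """Walk planned_values recursively: the root module and every child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def _port_in_rule(rule, port):
    if rule.get("protocol") == "-1":            # all traffic: ports are irrelevant
        return True
    return rule.get("from_port", 0) <= port <= rule.get("to_port", 0)


def check_security_groups(resources):
    """Flag ingress rules that expose an admin port to the whole internet."""
    findings = []
    for res in resources:
        if res["type"] != "aws_security_group":
            continue
        for rule in (res.get("values") or {}).get("ingress") or []:
            cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            for port in sorted(ADMIN_PORTS):
                if _port_in_rule(rule, port) and cidrs & WORLD_CIDRS:
                    findings.append(f"{res['address']}: port {port} open to the world")
    return findings


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def check_iam_policies(resources):
    """Flag Allow statements with Action * on Resource *."""
    findings = []
    for res in resources:
        doc = (res.get("values") or {}).get("policy")
        if res["type"] not in IAM_POLICY_TYPES or not doc:
            continue   # a policy document computed at apply time is not visible in planned_values
        statements = json.loads(doc).get("Statement", [])
        for stmt in statements if isinstance(statements, list) else [statements]:
            if (stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action"))
                    and "*" in _as_list(stmt.get("Resource"))):
                findings.append(f"{res['address']}: Allow * on * statement")
    return findings


def check_s3_encryption(resources):
    """Flag buckets with no aws_s3_bucket_server_side_encryption_configuration aimed at them.
    Simplification: matches literal bucket names only; a full checker would also resolve
    references such as bucket = aws_s3_bucket.x.id from the plan's configuration section."""
    buckets = {(r.get("values") or {}).get("bucket"): r["address"]
               for r in resources if r["type"] == "aws_s3_bucket"}
    covered = {(r.get("values") or {}).get("bucket") for r in resources
               if r["type"] == "aws_s3_bucket_server_side_encryption_configuration"}
    return [f"{addr}: no server-side encryption configuration"
            for name, addr in buckets.items() if name not in covered]


def scan_plan(plan):
    """Run every check over a `terraform show -json` document and return the findings."""
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    return check_security_groups(resources) + check_iam_policies(resources) + check_s3_encryption(resources)


# Constructed plan: one bad SSH rule beside a fine HTTPS rule, an admin policy, two buckets.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.web", "type": "aws_security_group", "values": {"ingress": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
    ]}},
    {"address": "aws_iam_role_policy.admin", "type": "aws_iam_role_policy", "values": {"policy": json.dumps(
        {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})}},
    {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket", "values": {"bucket": "example-data"}},
    {"address": "aws_s3_bucket_server_side_encryption_configuration.data",
     "type": "aws_s3_bucket_server_side_encryption_configuration", "values": {"bucket": "example-data"}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {"bucket": "example-logs"}},
]}}}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = scan_plan(plan)
    for finding in findings:
        print("FAIL", finding)
    sys.exit(1 if findings else 0)   # a non-zero exit is what fails the CI job
```

In a pipeline the sequence is `terraform plan -out tfplan && terraform show -json tfplan > plan.json && python3 gate.py plan.json`, with the apply step gated on that exit status. Scanning the plan rather than the HCL catches values that only resolve after variable and module expansion; the trade-off is that attributes still unknown at plan time (computed names, policies built from data sources) cannot be judged and need a scanner that also reads the `configuration` section.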
🚨 A CRITICAL SSRF flaw (CVE-2025-64709, CVSS 9.6) in Typebot (<3.13.1) allows authenticated users to inject requests, extract AWS EKS IAM credentials, and potentially compromise entire Kubernetes clusters. Immediate upgrade to v3.13.1+ is essential to prevent cloud takeover. Action steps: Patch Typebot, restrict webhook block access, enforce AWS IAM least privilege, and monitor for unusual outbound requests. This vulnerability threatens both confidentiality and integrity—especially for organizations with strict compliance needs. https://lnkd.in/d6fXX4XN #OffSeq #CloudSecurity #AWS #Kubernetes #SSRF
The newly disclosed DDR5 vulnerability does not impact Phala Cloud users. Our workloads run on OVH + Tier-3+ bare-metal data centers w/ full physical security — and soon across GCP, Azure & AWS under our Proof-of-Cloud framework, co-developed by Phala and partners like Secret Network, for verified hardware security: http://proofofcloud.org Read Phala's full statement: https://lnkd.in/g_7KxZbx
Phala stayed steady through the DDR5 exploit, showing exactly why its model stands apart. Proof-of-Cloud already covers what others are only starting to worry about - real-time verification, verified hardware, and secure provenance from chip to cloud. Phala's architecture proves it was built for moments like this.
Security Groups vs NACLs… Both control traffic in a VPC but they work at different layers.

Security Groups:
- Operates at the instance level.
- Stateful - if traffic is allowed in, the response is allowed out automatically.
- Supports Allow rules only.
- Best for controlling access to specific servers.

NACLs (Network ACLs):
- Operates at the subnet level.
- Stateless - inbound and outbound rules must be defined separately.
- Supports Allow and Deny rules.
- Best for blocking or filtering traffic before it reaches any instance.

Security Groups control traffic to a resource, while NACLs control traffic into the subnet before it reaches the resource.

#AWS #Security #Networking #VPC #DevOps #Cloud
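The two rule models contrasted in this post and in the earlier VPC deep-dive post, as an added example that is not code from either post: a security group holds allow rules only, any match admits, and the reply to an admitted request is admitted automatically (stateful); a NACL holds numbered allow/deny rules, the lowest-numbered match decides, anything unmatched hits the implicit deny, and the reply has to clear the opposite direction on its own (stateless). The rule sets, client addresses and ephemeral port are constructed for illustration; the simulator models the semantics, not the real AWS data plane.

```python
"""Evaluate one flow against security-group and NACL semantics side by side.

Added example, not from either post. Rule sets at the bottom are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny" (security groups only ever hold "allow")
    protocol: str      # "tcp", "udp", "icmp" or "-1" for all traffic
    port_from: int
    port_to: int
    cidr: str          # e.g. "0.0.0.0/0"
    number: int = 0    # NACL rule number; unused for security groups

    def matches(self, protocol, port, remote_ip):
        if self.protocol != "-1":
            if self.protocol != protocol or not self.port_from <= port <= self.port_to:
                return False
        return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)


def sg_evaluate(rules, protocol, port, remote_ip):
    """Security group: any matching allow rule admits; there are no deny rules."""
    return any(r.action == "allow" and r.matches(protocol, port, remote_ip) for r in rules)


def nacl_evaluate(rules, protocol, port, remote_ip):
    """NACL: walk rules by ascending number, first match decides, otherwise the '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, port, remote_ip):
            return rule.action == "allow"
    return False


def sg_flow(inbound, protocol, server_port, client_ip):
    """Stateful: once the request is admitted, its reply is tracked and admitted as well."""
    admitted = sg_evaluate(inbound, protocol, server_port, client_ip)
    return {"request": admitted, "reply": admitted}


def nacl_flow(inbound, outbound, protocol, server_port, client_ip, client_port):
    """Stateless: the reply leaves on the client's ephemeral port and is judged by the outbound rules."""
    request = nacl_evaluate(inbound, protocol, server_port, client_ip)
    reply = request and nacl_evaluate(outbound, protocol, client_port, client_ip)
    return {"request": request, "reply": reply}


# Constructed rule sets for a public HTTPS server.
SG_INBOUND = [Rule("allow", "tcp", 443, 443, "0.0.0.0/0")]

NACL_INBOUND = [
    Rule("deny", "tcp", 443, 443, "203.0.113.0/24", number=90),   # lower number: checked before the allow
    Rule("allow", "tcp", 443, 443, "0.0.0.0/0", number=100),
]
# Common mistake: mirroring the inbound rule outbound. Replies go to ephemeral ports, not 443.
NACL_OUTBOUND_BROKEN = [Rule("allow", "tcp", 443, 443, "0.0.0.0/0", number=100)]
# Correct: allow the ephemeral range so replies can leave the subnet.
NACL_OUTBOUND_FIXED = [Rule("allow", "tcp", 1024, 65535, "0.0.0.0/0", number=100)]

if __name__ == "__main__":
    print("SG         ", sg_flow(SG_INBOUND, "tcp", 443, "198.51.100.7"))
    print("NACL broken", nacl_flow(NACL_INBOUND, NACL_OUTBOUND_BROKEN, "tcp", 443, "198.51.100.7", 51234))
    print("NACL fixed ", nacl_flow(NACL_INBOUND, NACL_OUTBOUND_FIXED, "tcp", 443, "198.51.100.7", 51234))
    print("NACL denied", nacl_flow(NACL_INBOUND, NACL_OUTBOUND_FIXED, "tcp", 443, "203.0.113.5", 51234))
```

The broken outbound set is the case to remember: the request reaches the instance, the instance answers, and the answer dies at the subnet edge because the NACL has no memory of the request. The deny rule at number 90 also shows why rule ordering matters in a NACL and has no equivalent in a security group.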