# Understanding Security Groups

In this lesson, you will learn about security groups, which act as virtual firewalls for your AWS resources. You will understand how to configure inbound and outbound rules to control traffic and apply security groups to your EC2 instances.

## Learning Objectives
- Define security groups and their purpose.
- Configure inbound and outbound rules for security groups.
- Apply security groups to AWS resources.
- Understand the default security group settings.
- Recognize the importance of security group best practices.

## Why This Matters

Security groups are crucial for protecting your AWS resources from unauthorized access by controlling traffic. They allow you to specify which traffic is permitted to reach your instances and which traffic can leave them, thereby enhancing the security of your applications.

## Security Groups

Security groups are virtual firewalls that control inbound and outbound traffic to AWS resources, primarily EC2 instances. They allow you to specify which traffic is permitted to reach your instances and which traffic can leave them.

In [None]:
# Example: Creating a Security Group
import boto3

# Initialize a session using Amazon EC2
session = boto3.Session(region_name='us-east-1')
ec2 = session.resource('ec2')

# Create a security group
security_group = ec2.create_security_group(GroupName='my-security-group', Description='My security group')
print(f'Security Group Created: {security_group.id}')

### Micro-Exercise 1: Define Security Groups

Define security groups in your own words. 

**Hint:** Think about their role in traffic control.

In [None]:
# Starter Code for Micro-Exercise 1
# Write your definition of security groups below:

# Your definition here

## Configuring Rules

Configuring rules in security groups involves defining inbound and outbound rules that specify allowed protocols, ports, and source/destination IP ranges. This ensures that only necessary traffic is allowed.

In [None]:
# Example: Configuring Inbound Rules
import boto3

# Assume security group ID is known
security_group_id = 'sg-12345678'

# Initialize a session using Amazon EC2
session = boto3.Session(region_name='us-east-1')
ec2 = session.client('ec2')

# Authorize inbound traffic for HTTP and SSH.
# Note: 0.0.0.0/0 admits every IPv4 source; for SSH in particular, narrow
# the CidrIp to the address range your administrators actually use.
response_http = ec2.authorize_security_group_ingress(
    GroupId=security_group_id,
    IpPermissions=[
        {
            'IpProtocol': 'tcp',
            'FromPort': 80,
            'ToPort': 80,
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        },
        {
            'IpProtocol': 'tcp',
            'FromPort': 22,
            'ToPort': 22,
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        }
    ]
)
print('Inbound rules configured for HTTP and SSH.')

### Micro-Exercise 2: List Types of Rules

List at least three types of rules you can configure in a security group. 

**Hint:** Consider inbound and outbound traffic types.

In [None]:
# Starter Code for Micro-Exercise 2
# List the types of rules below:

# Your list here

## Examples

### Example 1: Configuring Inbound Rules
This example demonstrates how to configure inbound rules to allow HTTP and SSH traffic.
```bash
aws ec2 authorize-security-group-ingress --group-id sg-12345678 --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id sg-12345678 --protocol tcp --port 22 --cidr 0.0.0.0/0
```

### Example 2: Configuring Outbound Rules
This example shows how to set outbound rules to allow all traffic.
```bash
# Protocol -1 means all protocols and ports, so no --port argument is given.
# Every new security group already contains this allow-all outbound rule;
# running the command against one returns a duplicate-rule error.
aws ec2 authorize-security-group-egress --group-id sg-12345678 --protocol -1 --cidr 0.0.0.0/0
```

## Main Exercise
In this exercise, you will create a security group with specific inbound and outbound rules and apply it to an EC2 instance.

### Steps:
1. Log in to the AWS Management Console.
2. Navigate to the EC2 service.
3. Create a new security group with specific inbound and outbound rules.
4. Launch an EC2 instance and apply the newly created security group.

### Expected Outcomes:
- Successfully created a security group with specified rules.
- Applied the security group to an EC2 instance.

In [None]:
# Example: Applying Security Group to EC2 Instance
import boto3

# Initialize a session using Amazon EC2
session = boto3.Session(region_name='us-east-1')
ec2 = session.resource('ec2')

# Launch an EC2 instance with the security group.
# SecurityGroupIds expects group IDs (sg-...), not group names; replace the
# placeholder below with the ID printed when the group was created.
instance = ec2.create_instances(
    ImageId='ami-12345678',
    MinCount=1,
    MaxCount=1,
    InstanceType='t2.micro',
    SecurityGroupIds=['sg-12345678']
)
print(f'EC2 Instance Created: {instance[0].id}')

## Common Mistakes
- Not configuring rules correctly, which can lead to either overly permissive access or blocking legitimate traffic.
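The rule structure from the Configuring Rules section and the overly permissive mistake named above, as an added example that is not part of the original lesson: an offline audit of a security group's `IpPermissions` that flags rules open to the whole Internet. The security group dict is a constructed sample in the shape `describe_security_groups` returns; the admin-port list is an assumption chosen for illustration.

```python
# Added example (not the lesson's own code): flag inbound rules that expose
# sensitive ports, or all traffic, to 0.0.0.0/0 or ::/0. The input is a
# constructed sample in the shape boto3's describe_security_groups returns,
# so this runs offline without AWS credentials.
import ipaddress

# Assumed list of ports whose exposure to the whole Internet is a finding.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

def _is_world_open(cidr):
    """True if the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def find_risky_ingress(security_group):
    """Return (rule_label, world_open_sources) tuples for one security group dict."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = [c for c in cidrs if _is_world_open(c)]
        if not world:
            continue  # sources are restricted; nothing to flag here
        if proto == "-1":  # all protocols and ports, no FromPort/ToPort present
            findings.append(("ALL_TRAFFIC", world))
            continue
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for port, name in ADMIN_PORTS.items():
            if lo is not None and lo <= port <= hi:  # port range covers an admin port
                findings.append((f"{name}:{port}", world))
    return findings

# Constructed sample mirroring the inbound rules configured earlier in the lesson.
SAMPLE_SG = {
    "GroupId": "sg-12345678",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for rule, sources in find_risky_ingress(SAMPLE_SG):
        print(f"{SAMPLE_SG['GroupId']}: {rule} open to {sources}")
```

The HTTP rule produces no finding (port 80 is not in the admin list), while the SSH rule is reported; the same function also catches a tcp 0-65535 range and the all-traffic `-1` protocol.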

## Recap
In this lesson, we covered the importance of security groups in AWS, how to configure inbound and outbound rules, and how to apply them to EC2 instances. In the next lesson, we will explore more advanced security features and best practices for securing your AWS environment.