Create an AWS Security Group and Rules for Inbound Network Traffic
School: Australian Institute of Business
Course: MISC
Subject: Information Systems
Date: Nov 24, 2024
Pages: 9
Uploaded by assessmentst
Use the New-EC2SecurityGroup PowerShell cmdlet to create an AWS security group.
New-EC2SecurityGroup -GroupName SQLEC2AWSSecGrp -GroupDescription 'SQLEC2AWS Security Group'
Take note of the output from running the command. This is the ID of the newly created security group.
After creating the security group, use the Grant-EC2SecurityGroupIngress PowerShell cmdlet to add a specified inbound (ingress) rule to the security group. Since this is an inbound rule, you must define the source traffic, the network protocol, and the port number. Note the following property values:
- IpProtocol = "tcp" – This is the network protocol that will be allowed for inbound traffic.
- FromPort = 3389 – This is the port number allowed from the source. Port 3389 is used for Remote Desktop connection. You will be using the Remote Desktop Connection app from your machine to connect to this EC2 instance.
- ToPort = 3389 – This is the port number allowed to reach the destination. Port 3389 is used for Remote Desktop connection. The EC2 instance will be accepting Remote Desktop Connection sessions.
- IpRanges = @("0.0.0.0/0") – This is the range of IP addresses you are allowing to connect to the EC2 instance. Note that the range provided means you are allowing inbound access from any IPv4 address from any source. This is for demonstration purposes only and not a security best practice. You don't want your SQL Server EC2 instance to be accessible to the public internet. You can, however, restrict the IpRanges value to only the public IP addresses from your internal network, assuming you're working from your corporate office and not from home.
Grant-EC2SecurityGroupIngress -GroupName SQLEC2AWSSecGrp -IpPermissions @{IpProtocol = "tcp"; FromPort = 3389; ToPort = 3389; IpRanges = @("0.0.0.0/0")}
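The following is an added example, not code from the original document: it shows the restricted form of the same RDP rule (source limited to one CIDR instead of 0.0.0.0/0) built as an explicit Amazon.EC2.Model.IpPermission object, and an audit function that reports any rule in the group that still exposes port 3389 to the whole internet. The source CIDR 203.0.113.10/32 is a placeholder from the TEST-NET-3 documentation range; substitute your own office address. The code assumes AWS Tools for PowerShell is installed and a default region and credentials are configured. Note that the SDK object exposes the CIDR list as Ipv4Ranges (objects with a CidrIp property) rather than the IpRanges string array used in the hashtable form above.

```powershell
# Added example (not from the original document): restricted RDP ingress rule plus an audit.
$GroupName  = 'SQLEC2AWSSecGrp'
$SourceCidr = '203.0.113.10/32'   # assumption: your office's public IP (TEST-NET-3 placeholder)

# Build the permission object explicitly instead of relying on hashtable coercion
$range = New-Object Amazon.EC2.Model.IpRange
$range.CidrIp      = $SourceCidr
$range.Description = 'RDP from office only'

$perm = New-Object Amazon.EC2.Model.IpPermission
$perm.IpProtocol = 'tcp'
$perm.FromPort   = 3389
$perm.ToPort     = 3389
$perm.Ipv4Ranges = [System.Collections.Generic.List[Amazon.EC2.Model.IpRange]]::new()
$perm.Ipv4Ranges.Add($range)

Grant-EC2SecurityGroupIngress -GroupName $GroupName -IpPermission $perm

# Audit: list every ingress rule in the group that allows TCP/3389 from anywhere
function Find-OpenRdpRule {
    param([Parameter(Mandatory)][string]$GroupName)

    $sg = Get-EC2SecurityGroup -GroupName $GroupName
    foreach ($p in $sg.IpPermissions) {
        # '-1' means "all protocols/ports"; otherwise check that the port range covers 3389
        $coversRdp = ($p.IpProtocol -eq '-1') -or
                     ($p.IpProtocol -eq 'tcp' -and $p.FromPort -le 3389 -and $p.ToPort -ge 3389)
        if (-not $coversRdp) { continue }

        foreach ($r in $p.Ipv4Ranges) {
            if ($r.CidrIp -eq '0.0.0.0/0') {
                [pscustomobject]@{ GroupId = $sg.GroupId; Protocol = $p.IpProtocol
                                   FromPort = $p.FromPort; ToPort = $p.ToPort; Source = $r.CidrIp }
            }
        }
        foreach ($r in $p.Ipv6Ranges) {
            if ($r.CidrIpv6 -eq '::/0') {
                [pscustomobject]@{ GroupId = $sg.GroupId; Protocol = $p.IpProtocol
                                   FromPort = $p.FromPort; ToPort = $p.ToPort; Source = $r.CidrIpv6 }
            }
        }
    }
}

# Any output here is a rule you should tighten (Revoke-EC2SecurityGroupIngress removes it)
Find-OpenRdpRule -GroupName $GroupName
```

If you already ran the 0.0.0.0/0 command from the text, the audit will list that rule; remove it with Revoke-EC2SecurityGroupIngress using the same IpPermission values before relying on the restricted one.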
Create the SQL Server on Windows EC2 Instance
After retrieving the properties of the AMI, creating the key pair, the security group, and the network inbound rules, you can create the SQL Server on Windows EC2 instance. Use the New-EC2Instance PowerShell cmdlet to create the SQL Server on Windows EC2 instances. Note the following parameters:
- ImageId. This is the ImageId value of the AMI when you ran the Get-EC2Image PowerShell cmdlet.
- MinCount. This is the minimum number of EC2 instances to launch. This applies to workloads that require more than one EC2 instance, such as a SQL Server Always On Availability Group, and is dictated by your AWS account's limit.
- MaxCount. Similar to the MinCount parameter, this is the maximum number of EC2 instances to launch.
- KeyName. This is the name of the security key pair you created using the New-EC2KeyPair PowerShell cmdlet.
- InstanceType. This is the size of the EC2 instances. This example uses the t3.xlarge size.
- SecurityGroup. This is the name of the security group you created using the New-EC2SecurityGroup PowerShell cmdlet.
New-EC2Instance -ImageId ami-0cf1df71dc2f19888 -MinCount 1 -MaxCount 1 -KeyName SQLEC2AWSKeyPair -InstanceType t3.xlarge -SecurityGroup SQLEC2AWSSecGrp
You can use the AWS EC2 Dashboard to confirm the creation of the resources. The screenshot below displays the newly created EC2 instances. Note the Instance Type (t3.xlarge) and Availability Zone (us-east-2b) properties, assigned with the New-EC2Instance and Set-DefaultAWSRegion PowerShell cmdlets, respectively.
The screenshot below displays the associated security group (SQLEC2AWSSecGrp) and security group inbound rules created with the New-EC2SecurityGroup and Grant-EC2SecurityGroupIngress PowerShell cmdlets, respectively.
Where are the Networking Components?
You might be wondering where the networking components are, since only the security group and its corresponding rules were created. If you did not explicitly create the VPC, the subnets, the IP addresses, and the gateways, AWS will automatically create one for you. Refer to the value of the VPC ID column for the created security group. Clicking on this link will open a new browser window, redirecting you to the AWS VPC Dashboard.
Click on the Subnets link to show the created subnet the EC2 instances will use. Note the assigned IPv4 addresses (172.31.16.0/20) and the Availability Zone (us-east-2b).
Click on the Internet gateways link to show the created internet gateway the EC2 instances will use.
Ideally, you would create the VPC first, then the subnets. Assigning resources on the subnets will automatically give them IP addresses via dynamic host configuration protocol (DHCP). If the resources need to access the internet, an internet gateway is created. Since these tasks are the responsibility of network engineers, this tip only covers what you need to know to create and launch a SQL Server on Windows EC2 instance.
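As an added example (not part of the original document), the same information the text reads off the VPC Dashboard can be pulled with PowerShell: starting from the security group's VpcId, list the VPC, its subnets with their CIDR blocks and Availability Zones, and any internet gateway attached to it. It assumes AWS Tools for PowerShell with a configured default region; the group name SQLEC2AWSSecGrp is from the text, and the filter names (vpc-id, attachment.vpc-id) are the standard EC2 API filter keys.

```powershell
# Added example (not from the original document): enumerate the networking pieces behind a security group.
function Get-SecurityGroupNetwork {
    param([Parameter(Mandatory)][string]$GroupName)

    $sg    = Get-EC2SecurityGroup -GroupName $GroupName
    $vpcId = $sg.VpcId

    $vpc = Get-EC2Vpc -VpcId $vpcId
    # Filters use the EC2 API filter keys; the hashtable is coerced to Amazon.EC2.Model.Filter
    $subnets = Get-EC2Subnet -Filter @{ Name = 'vpc-id'; Values = $vpcId }
    $igws    = Get-EC2InternetGateway -Filter @{ Name = 'attachment.vpc-id'; Values = $vpcId }

    [pscustomobject]@{
        SecurityGroup = $sg.GroupId
        VpcId         = $vpcId
        VpcCidr       = $vpc.CidrBlock
        IsDefaultVpc  = $vpc.IsDefault          # True when AWS created the VPC for you
        Subnets       = $subnets | ForEach-Object {
                            [pscustomobject]@{
                                SubnetId         = $_.SubnetId
                                Cidr             = $_.CidrBlock
                                AvailabilityZone = $_.AvailabilityZone
                                # Public IPs are auto-assigned only when this is True
                                AutoAssignPublicIp = $_.MapPublicIpOnLaunch
                            }
                        }
        InternetGateways = ($igws | ForEach-Object { $_.InternetGatewayId }) -join ','
    }
}

$net = Get-SecurityGroupNetwork -GroupName 'SQLEC2AWSSecGrp'
$net | Format-List
$net.Subnets | Format-Table
```

The subnet whose CIDR and zone match the EC2 instance (172.31.16.0/20 in us-east-2b in the text) is the one the instance landed in; if InternetGateways is empty, the instance has no path to the internet regardless of the security group rules.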
Displaying Properties of the SQL Server on Windows EC2 Instances using Windows PowerShell
You can use the Get-EC2Instance PowerShell cmdlet to return a list of all the instances in your account. This can be confusing, since the Get-EC2Instance PowerShell cmdlet returns a reservation object, not the instances themselves.
NOTE: Using the New-EC2Instance PowerShell cmdlet always creates instances in batches called reservations. A reservation is a batch of instances launched at the same time. In the example above, a batch of size one is created using the MinCount and MaxCount parameters of New-EC2Instance.
To display the list of instances in your AWS account, run the PowerShell command below. Note the InstanceId property value. You will use this to explore the different properties of the EC2 instances.
(Get-EC2Instance).Instances
It takes time to create an EC2 instance, together with the required resources. Before you can log in to the Windows Server via Remote Desktop, the EC2 instance needs to be in a Running state. Run the PowerShell commands below to display the Status and Instance State of the EC2 instance.
(Get-EC2InstanceStatus).Status
(Get-EC2InstanceStatus).InstanceState
You need the public DNS name or the public IP address to connect to the EC2 instance via the internet. Run the PowerShell commands below to display the public DNS name and public IP address of the EC2 instance. Use either of the results in your Remote Desktop connection.
(Get-EC2Instance).Instances.PublicDnsName
(Get-EC2Instance).Instances.PublicIpAddress
You still need the local Administrator account's password. Remember the PEM file generated by the New-EC2KeyPair PowerShell cmdlet? To retrieve the local Administrator account's password, decrypt the password data with the private key in that PEM file using the Get-EC2PasswordData PowerShell cmdlet. The InstanceId parameter value is from running the Get-EC2Instance PowerShell cmdlet.
Be warned. This isn't your typical complex password. Make sure you type it correctly when logging in to the EC2 instance using Remote Desktop.
Get-EC2PasswordData -InstanceId i-00513168b607f03f1 -PemFile C:\AWS\SQLEC2AWSKeyPair.pem -Decrypt
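The three steps above (wait for the Running state, read the public endpoint, decrypt the Administrator password) are put together here as an added example that is not part of the original document. It polls a single instance until its state is running and its status checks pass, then returns the connection endpoint and the password wrapped in a PSCredential so the plaintext is never echoed to the console. The instance ID and PEM path are the values from the text; the function names, the timeout values and the use of -IncludeAllInstance (needed because Get-EC2InstanceStatus omits non-running instances by default) are this example's own choices.

```powershell
# Added example (not from the original document): readiness wait, endpoint lookup, credential retrieval.
function Wait-EC2InstanceReady {
    param(
        [Parameter(Mandatory)][string]$InstanceId,
        [int]$TimeoutSeconds = 600,
        [int]$PollSeconds    = 15
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Without -IncludeAllInstance, a pending instance simply returns nothing
        $st = Get-EC2InstanceStatus -InstanceId $InstanceId -IncludeAllInstance $true
        $state  = "$($st.InstanceState.Name)"
        $checks = "$($st.Status.Status)"
        Write-Host ("{0}: state={1} status-check={2}" -f $InstanceId, $state, $checks)

        if ($state -eq 'running' -and $checks -eq 'ok') { return $true }
        if ($state -in 'shutting-down', 'terminated') { throw "Instance $InstanceId is $state" }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    return $false
}

function Get-EC2RdpConnectionInfo {
    param(
        [Parameter(Mandatory)][string]$InstanceId,
        [Parameter(Mandatory)][string]$PemFile
    )
    # Look up this instance only, rather than flattening every reservation in the account
    $inst = (Get-EC2Instance -InstanceId $InstanceId).Instances[0]

    # Decrypt the password data with the key pair's private key, then wrap it immediately
    $plain  = Get-EC2PasswordData -InstanceId $InstanceId -PemFile $PemFile -Decrypt
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    Remove-Variable plain
    $cred = New-Object System.Management.Automation.PSCredential ('Administrator', $secure)

    [pscustomobject]@{
        InstanceId     = $inst.InstanceId
        PublicDnsName  = $inst.PublicDnsName
        PublicIp       = $inst.PublicIpAddress
        SecurityGroups = ($inst.SecurityGroups | ForEach-Object { $_.GroupName }) -join ','
        Credential     = $cred   # use $info.Credential.GetNetworkCredential().Password only when needed
    }
}

$id  = 'i-00513168b607f03f1'          # from (Get-EC2Instance).Instances
$pem = 'C:\AWS\SQLEC2AWSKeyPair.pem'  # from New-EC2KeyPair

if (Wait-EC2InstanceReady -InstanceId $id) {
    $info = Get-EC2RdpConnectionInfo -InstanceId $id -PemFile $pem
    $info | Select-Object InstanceId, PublicDnsName, PublicIp, SecurityGroups | Format-List
} else {
    Write-Warning "Instance $id did not become ready within the timeout"
}
```

Get-EC2PasswordData returns an empty result until the Windows instance has finished first boot and published its password data, so calling it only after the readiness wait avoids a confusing blank value.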
Once logged in, check the desktop wallpaper. This shows the properties of the EC2 instance you created. To validate the SQL Server version and edition, open SQL Server Management Studio.