When you create a security group, it starts with no inbound rules, so all inbound traffic is denied: security groups are allow-lists, and traffic that matches no rule is dropped. At the same time, AWS automatically adds a single outbound rule that allows all outbound traffic (all protocols, all ports, to 0.0.0.0/0 and ::/0). You must explicitly add inbound rules if you want to permit specific traffic to reach resources associated with the security group. Because security groups are stateful, responses to connections permitted by an inbound rule are allowed out regardless of the outbound rules, and responses to connections the instance initiated are allowed back in regardless of the inbound rules. This default configuration applies the principle of least privilege to inbound access by blocking unsolicited connections while letting the instance initiate outbound connections; the allow-all outbound rule itself is a convenience default, and workloads that do not need unrestricted internet access should have it narrowed to the destinations and ports they actually use.
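The following is an added illustration, not code from AWS or from this page. It models how a security group evaluates traffic using the same `IpPermissions` / `IpPermissionsEgress` structure that `aws ec2 describe-security-groups` returns: a newly created group has an empty inbound list and one all-traffic outbound rule, `authorize_ingress` mirrors what `aws ec2 authorize-security-group-ingress` does, and `replace_egress` shows the tightening step. The group id and the IP addresses are constructed placeholders (documentation ranges), and the model does not track connection state, so it only answers whether a *new* connection in a given direction would be allowed.

```python
"""Toy model of AWS security group evaluation (added example, not AWS code)."""
import ipaddress
from copy import deepcopy

# The outbound rule AWS adds to a new security group: protocol -1 means
# all protocols and all ports, to every IPv4 and IPv6 destination.
ALL_TRAFFIC_EGRESS = {
    "IpProtocol": "-1",
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
    "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
}


def new_security_group(group_id="sg-0123456789abcdef0"):
    """State of a freshly created group: no inbound rules, allow-all outbound.
    The group id is a constructed placeholder."""
    return {
        "GroupId": group_id,
        "IpPermissions": [],                              # inbound: nothing allowed
        "IpPermissionsEgress": [deepcopy(ALL_TRAFFIC_EGRESS)],  # outbound: everything
    }


def _cidr_rule(protocol, from_port, to_port, cidr):
    """Build one rule in the describe-security-groups shape for a single CIDR."""
    rule = {"IpProtocol": protocol, "FromPort": from_port, "ToPort": to_port,
            "IpRanges": [], "Ipv6Ranges": []}
    if ipaddress.ip_network(cidr).version == 4:
        rule["IpRanges"].append({"CidrIp": cidr})
    else:
        rule["Ipv6Ranges"].append({"CidrIpv6": cidr})
    return rule


def authorize_ingress(sg, protocol, from_port, to_port, cidr):
    """Mirror of `aws ec2 authorize-security-group-ingress --protocol P --port A-B --cidr C`."""
    sg["IpPermissions"].append(_cidr_rule(protocol, from_port, to_port, cidr))
    return sg


def replace_egress(sg, rules):
    """Least-privilege tightening: drop the allow-all egress rule and keep only
    the given (protocol, from_port, to_port, cidr) tuples. In AWS this is a
    revoke-security-group-egress followed by authorize-security-group-egress."""
    sg["IpPermissionsEgress"] = [_cidr_rule(*r) for r in rules]
    return sg


def _rule_matches(rule, protocol, port, peer_ip):
    """True if the rule covers this protocol, port and peer address."""
    ip = ipaddress.ip_address(peer_ip)
    if rule["IpProtocol"] != "-1":
        if rule["IpProtocol"] != protocol:
            return False
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # Membership across IP versions is simply False, so v4 and v6 never mix.
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def allows_ingress(sg, protocol, port, source_ip):
    """Security groups are allow-lists: a new inbound connection is permitted
    only if some inbound rule matches. With no inbound rules, nothing gets in."""
    return any(_rule_matches(r, protocol, port, source_ip) for r in sg["IpPermissions"])


def allows_egress(sg, protocol, port, dest_ip):
    """Same evaluation for connections the instance initiates."""
    return any(_rule_matches(r, protocol, port, dest_ip) for r in sg["IpPermissionsEgress"])


if __name__ == "__main__":
    sg = new_security_group()
    print("fresh group, SSH from 203.0.113.5 allowed?", allows_ingress(sg, "tcp", 22, "203.0.113.5"))
    print("fresh group, HTTPS out to 198.51.100.7 allowed?", allows_egress(sg, "tcp", 443, "198.51.100.7"))
    authorize_ingress(sg, "tcp", 22, 22, "203.0.113.0/24")
    print("after rule, SSH from 203.0.113.5 allowed?", allows_ingress(sg, "tcp", 22, "203.0.113.5"))
    print("after rule, SSH from 198.51.100.7 allowed?", allows_ingress(sg, "tcp", 22, "198.51.100.7"))
    replace_egress(sg, [("tcp", 443, 443, "0.0.0.0/0")])
    print("after tightening, SMTP out allowed?", allows_egress(sg, "tcp", 25, "198.51.100.7"))
```

Run it as a script to see the sequence the text describes: the fresh group refuses SSH from everywhere but lets HTTPS out; one `authorize_ingress` call opens port 22 to the single /24 and nothing else; `replace_egress` then removes the allow-all outbound rule so that only HTTPS can leave. The same checks can be made against a real group by feeding the `SecurityGroups[0]` object from `aws ec2 describe-security-groups --group-ids <id>` into `allows_ingress` and `allows_egress`.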