Network Security Groups
Table of Contents
Overview
When to Use
Quick Start
Reference Guides
Best Practices
Overview
Implement network security groups and firewall rules to enforce least privilege access, segment networks, and protect infrastructure from unauthorized access.
When to Use
Inbound traffic control
Outbound traffic filtering
Network segmentation
Zero-trust networking
Attack-surface reduction (security groups drop unsolicited packets but are not a volumetric DDoS control on their own; pair them with a service such as AWS Shield)
Database access restriction
VPN access control
Multi-tier application security
Quick Start
Minimal working example (CloudFormation; the VPC ID is a placeholder):

```yaml
# aws-security-groups.yaml
Resources:
  # VPC Security Group
  VPCSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: VPC security group
      VpcId: vpc-12345678
      SecurityGroupIngress:
        # Allow HTTP from anywhere
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          Description: "HTTP from anywhere"
        # Allow HTTPS from anywhere
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: "HTTPS from anywhere"
        # Allow SSH from admin network only
        - IpProtocol: tcp
          # ... (see reference guides for full implementation)
```
Reference Guides
Detailed implementations in the references/ directory:
| Guide | Contents |
|-------|----------|
| AWS Security Groups | AWS Security Groups |
| Kubernetes Network Policies | Kubernetes Network Policies |
| GCP Firewall Rules | GCP Firewall Rules |
| Security Group Management Script | Security Group Management Script |
Best Practices
✅ DO
Implement least privilege access
Use security groups for segmentation
Document rule purposes
Regularly audit rules
Separate inbound and outbound rules
Use security group references (not CIDRs) for tier-to-tier traffic, so the rule follows the instances rather than their addresses
Monitor rule changes
Test access before enabling
❌ DON'T
Allow 0.0.0.0/0 for databases
Open all ports unnecessarily
Mix environments in single SG
Ignore egress rules
Allow all protocols
Forget to document rules
Use single catch-all rule
Deploy without firewall
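The DON'T list above is easiest to enforce as an automated audit. The following is an added example (not the skill's own management script from the references/ directory): it walks security groups in the shape returned by `aws ec2 describe-security-groups` (GroupId, IpPermissions, IpPermissionsEgress, IpRanges, UserIdGroupPairs) and emits a finding for each rule that breaks one of the items above. The port tables, severity labels and `SAMPLE_GROUPS` data are assumptions constructed for illustration; a real run would feed the script the JSON from the AWS CLI or boto3 instead.

```python
"""Offline audit of security-group rules against the DON'T list above."""
from __future__ import annotations

from dataclasses import dataclass

# Assumed port tables: services that must never be reachable from the whole internet.
DATABASE_PORTS = {1433: "mssql", 1521: "oracle", 3306: "mysql",
                  5432: "postgres", 6379: "redis", 27017: "mongodb"}
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
ANYWHERE = {"0.0.0.0/0", "::/0"}
WIDE_RANGE = 100  # more ports than this in one rule counts as "open all ports"


@dataclass(frozen=True)
class Finding:
    group_id: str
    severity: str  # critical / high / medium / low
    rule: str
    message: str


def _span(perm: dict) -> tuple[str, int, int]:
    """Protocol and port span of one rule; IpProtocol '-1' means everything."""
    proto = perm.get("IpProtocol", "-1")
    if proto == "-1":
        return "all", 0, 65535
    return proto, perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _ranges(perm: dict) -> list[dict]:
    """IPv4 and IPv6 ranges of a rule as {'cidr', 'desc'} dicts."""
    v4 = [{"cidr": r["CidrIp"], "desc": r.get("Description", "")}
          for r in perm.get("IpRanges", [])]
    v6 = [{"cidr": r["CidrIpv6"], "desc": r.get("Description", "")}
          for r in perm.get("Ipv6Ranges", [])]
    return v4 + v6


def audit_group(sg: dict) -> list[Finding]:
    """Return one Finding per DON'T-list violation in a single security group."""
    gid, out = sg["GroupId"], []
    for perm in sg.get("IpPermissions", []):
        proto, lo, hi = _span(perm)
        label = f"ingress {proto} {lo}-{hi}"
        ranges = _ranges(perm)
        from_anywhere = any(r["cidr"] in ANYWHERE for r in ranges)
        if proto == "all":  # "Allow all protocols" / "single catch-all rule"
            out.append(Finding(gid, "critical" if from_anywhere else "high", label,
                               "allows all protocols; pin IpProtocol and ports"))
        else:
            if hi - lo + 1 > WIDE_RANGE:  # "Open all ports unnecessarily"
                out.append(Finding(gid, "high", label,
                                   f"{hi - lo + 1} ports in one rule; split per service"))
            if from_anywhere:  # "Allow 0.0.0.0/0 for databases" (and admin ports)
                for port, name in {**DATABASE_PORTS, **ADMIN_PORTS}.items():
                    if lo <= port <= hi:
                        sev = "critical" if port in DATABASE_PORTS else "high"
                        out.append(Finding(gid, sev, label,
                                           f"{name} ({port}) reachable from anywhere"))
        for r in ranges:  # "Forget to document rules"
            if not r["desc"]:
                out.append(Finding(gid, "low", label, f"{r['cidr']} has no Description"))
        for pair in perm.get("UserIdGroupPairs", []):
            if not pair.get("Description"):
                out.append(Finding(gid, "low", label,
                                   f"reference to {pair['GroupId']} has no Description"))
    for perm in sg.get("IpPermissionsEgress", []):  # "Ignore egress rules"
        proto, _, _ = _span(perm)
        if proto == "all" and any(r["cidr"] in ANYWHERE for r in _ranges(perm)):
            out.append(Finding(gid, "medium", "egress all",
                               "unrestricted egress; filter outbound traffic too"))
    return out


def audit(groups: list[dict]) -> list[Finding]:
    return [f for sg in groups for f in audit_group(sg)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'critical': 1, 'low': 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample in describe-security-groups shape (not real account data).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "HTTPS from anywhere"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": "SSH from admin network"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-example", "GroupName": "db",
     "IpPermissions": [
         # good: MySQL only from the web tier, by security-group reference
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "UserIdGroupPairs": [{"GroupId": "sg-web-example", "Description": "MySQL from web tier"}]},
         # bad: undocumented catch-all rule from the internet
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": "patch mirror"}]}]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_GROUPS):
        print(f"[{f.severity:<8}] {f.group_id:<16} {f.rule}: {f.message}")
    print(summarize(audit(SAMPLE_GROUPS)))
```

On the sample, the web group produces only the unrestricted-egress finding, while the database group's catch-all rule is flagged both as critical (all protocols from 0.0.0.0/0) and as undocumented; the security-group reference passes clean. Run it against the CLI's JSON on a schedule, and fail the pipeline on any critical finding to turn "Regularly audit rules" into a control rather than a chore.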