- These notes were originally written in 2018
- If you check the IAM users section in AWS, you’ll see user accounts.
- Click through and you’ll see access policies.
- Click Show Policy and you’ll see what a policy looks like.
- I’ve never created one of these policies from scratch, but
there’s plenty of documentation online.
- This allows users to access the relevant S3 bucket
Security Groups – EC2
- Start in EC2
- You can set up a server to be accessible only from some networks
- Might mean you can’t access it from home
- You could use a VPC to work from home – use private IPs, not
public – so others can’t access the server
- To add an office: Add IP address of the network to security
groups – then everyone there can access your server
- If you want to add security for any EC2 instance, eg outbound or
- Select the instance
- Scroll to the far right to see security group
- Click on the link
- !! Note that if you start from Security Groups (listed on the
left in EC2), it doesn’t display them all at once, so you might
need to click (top right) for the next page of results
- Click Edit
- You need to enable
- SSH access (port 22)
- HTTP access (port 80)
- Custom TCP Rule (port 8153) (this is to enable HTTP)
- HTTPS access (port 443)
- Custom TCP Rule (port 8154) (this is to enable HTTPS)
- !! Some of the IPs you see configured might belong to third parties,
such as an ISP
- Don’t remove access without checking first !!
- If adding access from home, to find your external IP address you can
use this site:
- If you want to connect to any machine, you can just click the
Connect button in EC2 (at the top of the list of instances, when
you’ve selected an instance) – same as for CodeCommit
- But will only work if ssh is enabled on the inbound route in
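
An added example, not part of the original notes: a check to run over a security group's inbound rules before editing or removing anything. It reports which of the ports listed above are missing, which are open to every address, and whether a given source IP can reach SSH. The group ID and all addresses are constructed sample values; the dictionary follows the shape returned by the EC2 DescribeSecurityGroups call.

```python
import ipaddress

# Inbound ports the notes say to enable: SSH, HTTP, 8153, HTTPS, 8154.
REQUIRED_PORTS = (22, 80, 8153, 443, 8154)

def sources_for_port(group, port):
    """Return the IPv4 CIDRs allowed to reach `port` by the group's inbound rules."""
    cidrs = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" is the "all traffic" rule and covers every port.
        covered = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))
        if covered:
            cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
    return cidrs

def audit(group, my_ip):
    """Summarise missing ports, world-open ports and whether my_ip can reach SSH."""
    me = ipaddress.ip_address(my_ip)
    report = {"missing": [], "world_open": [], "ssh_from_my_ip": False}
    for port in REQUIRED_PORTS:
        nets = [ipaddress.ip_network(c, strict=False) for c in sources_for_port(group, port)]
        if not nets:
            report["missing"].append(port)
        if any(n.prefixlen == 0 for n in nets):   # 0.0.0.0/0 means anyone
            report["world_open"].append(port)
        if port == 22:
            report["ssh_from_my_ip"] = any(me in n for n in nets)
    return report

# Constructed sample: SSH limited to an office range, web ports open to all.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "office"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8153, "ToPort": 8154,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "198.51.100.7/32"}]},
    ],
}

if __name__ == "__main__":
    print(audit(SAMPLE_GROUP, "198.51.100.7"))
```

With the sample data, the home address 198.51.100.7 can reach ports 8153 and 8154 but not SSH, which is the situation where the Connect button would fail.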