Certified Security - Specialty

Sign Up Free or Log In to participate!

The NAT instance / gateway lecture was not correct about the security group needing http/https to install apps

Ryan mentioned at about 1:50 in the lecture that the security group would need https to download mysql.  Remember that security groups allow "all traffic" outbound by default.  This means for this lecture the only port that needs to be defined is inbound ssh.  This is the case for most of the lectures I have watched.  Other ports need to be defined only if there is a need for inbound traffic to the server (e.g., http/https, sql, icmp, etc.)

2 Answers

Great point thank you!

Port 443 needs to be allowed for the security group of the NAT instance so that the NAT instance can receive routed HTTPS traffic from traffic in private subnets. If port 443 were not allowed, private instances routing their traffic via the NAT instance would have only been able to use HTTP.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?