New Feature – Descriptions for Security Group Rules


Reflecting on the early days of EC2, it’s remarkable to see how many original features have endured. AMIs, Availability Zones, KeyPairs, Security Groups, and Security Group Rules were all part of the initial offering, alongside the pay-as-you-go model. Despite countless enhancements over the past eleven years, these foundational elements continue to play a vital role.

From the outset, security has been a top priority, enabling users to leverage Security Groups and Security Group Rules for precise control over the traffic to and from their instances. Our customers utilize this feature extensively, managing large sets of groups and an even larger number of rules.

However, there was a notable limitation! While each group could be described (for example, “Production Web Server Access” or “Development Access”), individual rules lacked this capability. Many of our larger clients resorted to external tracking systems to capture the purpose of each rule. This process was tedious and prone to errors, but it is no longer necessary!

Descriptions for Security Group Rules

You can now add descriptive text to each of your Security Group Rules! This enhancement simplifies operations and reduces the risk of operator errors. Descriptions can be up to 255 characters long and can be created or viewed through the AWS Management Console, AWS Command Line Interface (AWS CLI), and the AWS APIs. You can provide a description when creating a new rule, and you can also edit descriptions for existing rules.

Here’s how I can enter descriptions while setting up a new Security Group (Note: allowing SSH access from arbitrary IP addresses is not a best practice):

  • I can select my Security Group and review all of the descriptions.
  • I can also click on the Edit button to modify the rules and the corresponding descriptions.

From the CLI, I can include a description while using the authorize-security-group-ingress and authorize-security-group-egress commands. I can change an existing description with update-security-group-rule-descriptions-ingress and update-security-group-rule-descriptions-egress, and view the descriptions for each rule using describe-security-groups.
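As an added example (not part of the original post and not AWS's own code), the following Python audits the JSON returned by describe-security-groups for rules that still lack a description, and builds the --ip-permissions payload that update-security-group-rule-descriptions-ingress expects, enforcing the 255-character limit. The group id and CIDR ranges are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`
# (placeholder group id and documentation-range CIDRs, not real account data).
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-0123456789abcdef0", "GroupName": "web-prod",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Public HTTPS"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],  # no Description recorded
         "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []}],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Allow all egress"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []}]}]})

# Each source type inside a permission carries its own Description field.
SOURCE_KEYS = {"IpRanges": "CidrIp", "Ipv6Ranges": "CidrIpv6",
               "UserIdGroupPairs": "GroupId", "PrefixListIds": "PrefixListId"}

def undescribed_rules(describe_json):
    """Return (group_id, direction, protocol, from_port, to_port, source) for every
    rule whose description is missing or blank, in both directions."""
    missing = []
    for group in json.loads(describe_json)["SecurityGroups"]:
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in group.get(key, []):
                for list_key, id_key in SOURCE_KEYS.items():
                    for src in perm.get(list_key, []):
                        if not src.get("Description", "").strip():
                            missing.append((group["GroupId"], direction, perm["IpProtocol"],
                                            perm.get("FromPort"), perm.get("ToPort"), src[id_key]))
    return missing

def description_update_permission(protocol, from_port, to_port, cidr, description):
    """Build the --ip-permissions JSON for update-security-group-rule-descriptions-ingress
    (or -egress). Protocol, ports and CIDR must match the existing rule exactly."""
    if len(description) > 255:
        raise ValueError("rule descriptions are limited to 255 characters")
    return json.dumps([{"IpProtocol": protocol, "FromPort": from_port, "ToPort": to_port,
                        "IpRanges": [{"CidrIp": cidr, "Description": description}]}])

if __name__ == "__main__":
    for rule in undescribed_rules(SAMPLE_DESCRIBE_OUTPUT):
        print("missing description:", rule)
    # Pass this string as --ip-permissions to the update command for the hypothetical group.
    print(description_update_permission("tcp", 22, 22, "203.0.113.0/24", "SSH from office VPN"))
```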

This feature is available now, and you can start using it today in all commercial AWS Regions. It supports VPC Security Groups as well as EC2 Classic Security Groups. CloudFormation support is on the horizon!

— Alex

Alex Morgan is a leading expert in AWS solutions. Since launching this blog in 2004, they have consistently shared valuable information and updates.
