EC2 & Security Groups
Source: doonops-curriculum/aws-compute--ec2-and-sg.md
Doonops lesson
Goal
EC2 = a virtual machine in your AWS account. Security Group = a virtual firewall attached to that machine's network interface, deciding which traffic may come in and which may go out.
Simple explanation
An EC2 instance is a computer you rent inside AWS. A security group is the list of rules that says which traffic may reach it (which ports, from which addresses or which other groups) and which traffic it may send out. If no rule matches, the traffic is dropped.
Technical view
An EC2 instance is a VM placed in a subnet of your VPC; each of its network interfaces carries one or more security groups. A security group is a stateful, allow-only virtual firewall: every rule names a protocol, a port range, and a source (ingress) or destination (egress) given either as a CIDR block or as another security group ID. There are no deny rules, so anything that matches no rule is dropped. An instance in a private subnet has no route to an internet gateway, so its security group mostly decides what inside the VPC (for example a load balancer) may reach it.
Think of it like
EC2 in a private subnet = a laptop in a bedroom, not on the street: nobody outside the house can even see it. SG = the rules on the bedroom door: who is allowed to knock on port 80, 443, or 22.
Steps
- Read simple section
- Read analogy + diagram
- Copy project files
- Do local lab
Deep explanation
Layman words first, then technical detail — read slowly
Security groups are stateful: if an inbound request is allowed, the return traffic for that connection is allowed back out automatically, even with no matching outbound rule (and responses to an allowed outbound request are allowed back in the same way). Rules are allow-only; traffic that matches no rule is dropped. Caveat: statefulness covers replies on an existing connection, not new connections the instance opens itself, so outbound rules still matter.
Pattern (ALB in front of EC2): the ALB's security group allows 80/443 from 0.0.0.0/0; the app instances' security group allows the app port only from the ALB's security group ID, never from 0.0.0.0/0. Because the source is a group rather than an address range, the rule follows the ALB's nodes as they scale or change IPs, and the instance has no reachable port except through the load balancer.
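The ALB-in-front, app-behind pattern and the stateful behaviour described above, written out in Terraform. This is an added example, not the lesson's project files and not any third-party course's code; it targets the hashicorp/aws provider 5.x, uses the standalone `aws_vpc_security_group_ingress_rule` / `aws_vpc_security_group_egress_rule` resources, and assumes a `vpc_id` input variable (declared here so the file plans on its own). The load balancer and instance resources that would attach these groups are left out.

```hcl
# Added example (not the lesson's project files): ALB SG open to the world,
# app SG open only to the ALB SG. Assumes hashicorp/aws >= 5.0 and a vpc_id input.
terraform {
  required_version = ">= 1.9.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

variable "vpc_id" {
  description = "VPC both security groups belong to (assumed input for this example)"
  type        = string
}

# Edge tier: anyone on the internet may reach the load balancer on 80/443.
resource "aws_security_group" "alb" {
  name        = "alb-sg"
  description = "Public entry point: HTTP/HTTPS from anywhere"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "alb_https_from_world" {
  security_group_id = aws_security_group.alb.id
  description       = "HTTPS from the internet"
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

resource "aws_vpc_security_group_ingress_rule" "alb_http_from_world" {
  security_group_id = aws_security_group.alb.id
  description       = "HTTP from the internet (redirect to HTTPS at the listener)"
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# The ALB only ever needs to talk to the app tier on the app port. Scoping its
# egress to the app group (instead of allow-all) keeps a compromised listener
# from being used as a pivot to anything else in the VPC.
resource "aws_vpc_security_group_egress_rule" "alb_to_app" {
  security_group_id            = aws_security_group.alb.id
  description                  = "Forward to app instances only"
  referenced_security_group_id = aws_security_group.app.id
  from_port                    = 80
  to_port                      = 80
  ip_protocol                  = "tcp"
}

# App tier: port 80 is open ONLY to members of the ALB security group. The source
# is a group ID, not a CIDR, so nothing else in the VPC and nothing on the
# internet matches it. There is deliberately no rule for port 22.
resource "aws_security_group" "app" {
  name        = "app-sg"
  description = "Private app tier: HTTP only from the ALB"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "app_http_from_alb" {
  security_group_id            = aws_security_group.app.id
  description                  = "HTTP from the ALB security group only"
  referenced_security_group_id = aws_security_group.alb.id
  from_port                    = 80
  to_port                      = 80
  ip_protocol                  = "tcp"
}

# Statefulness in practice: no rule here allows HTTP replies from the app back
# to the ALB, and no rule on the ALB group allows them in, yet they flow because
# the request was allowed. Egress from the app is limited to new outbound HTTPS
# (package mirrors, AWS APIs); it cannot open arbitrary connections.
resource "aws_vpc_security_group_egress_rule" "app_https_out" {
  security_group_id = aws_security_group.app.id
  description       = "Outbound HTTPS only (updates, AWS APIs)"
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}
```

Two things to check after `terraform plan`: the provider removes the default allow-all egress rule that AWS adds to a new group, so the only egress on each group is what is declared above (a common surprise when an instance suddenly cannot reach a package mirror on port 80); and if the ALB is dual-stack, the world-facing ingress rules need a second copy with `cidr_ipv6 = "::/0"`, since a rule carries either an IPv4 or an IPv6 range, not both.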
Example (Doonops)
Modern HCL — names are examples, not from any third-party course
# see project files
Terraform runs on your computer — copy this HCL into a folder, then follow the local lab steps below.
Quick check
- Explain topic to a friend in 2 sentences
- Completed the local lab steps
Project files for this lab
Full implementation folder — copy all files, then run terraform commands
Lab project files (full folder)
Copy every file below into one folder — same as a real repo module. Then run the local lab steps.
Suggested path: ~/doonops-terraform/11-ec2-sg/
versions.tf
See file purpose in the code below
# versions.tf: pins the Terraform CLI version this lab was written against,
# so everyone running the lab gets the same plan/apply behaviour.
terraform {
  required_version = ">= 1.9.0"
}