In this step we create the security groups for our instances. Because the instances reach Session Manager over an outbound TLS connection, these security groups do not need inbound rules for the traditional remote-access ports: SSH on port 22 or Remote Desktop on port 3389.
Go to the VPC service management console.
In the Security group name field, enter SG Public Linux Instance.
Keep the default Outbound rule and scroll to the bottom.
Note that the security group for the Linux instance in the public subnet has no inbound rule for SSH on port 22.
After successfully creating the security group for the Linux instance in the public subnet, click the Security Groups link to return to the Security groups list.
Click Create security group.
In the Security group name field, enter SG Private Windows Instance.
Scroll down.
The instance in the private subnet connects to the Session Manager VPC endpoint over a TLS-encrypted connection, so we need an outbound rule allowing TCP 443 from the instance to the VPC CIDR.
In this step, we create the security group for the Session Manager VPC endpoint.
After successfully creating the security group for the Windows instance in the private subnet, click the Security Groups link to return to the Security groups list.
Click Create security group.
In the Security group name field, enter SG VPC Endpoint.
Scroll down.
Add an Inbound rule allowing TCP 443 from 10.10.0.0/16 (the CIDR of the Lab VPC we created).
We have now created the security groups needed for the EC2 instances and the VPC endpoints.
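The three security groups from the console steps above, written as Terraform so the rules can be reviewed and reproduced. This is an added example, not part of the workshop; it assumes the Lab VPC is managed as a resource named aws_vpc.lab (with the 10.10.0.0/16 CIDR used in the lab), and the Terraform resource names are ours.

```hcl
# Added example (not from the workshop). Assumption: aws_vpc.lab is the Lab VPC
# created earlier, with cidr_block 10.10.0.0/16.
locals {
  vpc_cidr = aws_vpc.lab.cidr_block # 10.10.0.0/16 in the lab
}

# Public Linux instance: no ingress block at all, so SSH (22) stays closed.
# Terraform drops the console's default "allow all" egress rule unless it is
# written out, so it is restated here to match "Keep the default Outbound rule".
resource "aws_security_group" "public_linux" {
  name        = "SG Public Linux Instance"
  description = "Linux instance in public subnet; no inbound SSH"
  vpc_id      = aws_vpc.lab.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Private Windows instance: no inbound RDP (3389); the only egress is TCP 443
# to the VPC CIDR, where the Session Manager interface endpoint lives.
resource "aws_security_group" "private_windows" {
  name        = "SG Private Windows Instance"
  description = "Windows instance in private subnet; egress 443 to VPC only"
  vpc_id      = aws_vpc.lab.id

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.vpc_cidr]
  }
}

# VPC endpoint: accept TCP 443 only from inside the Lab VPC. No egress block is
# needed because security groups are stateful and return traffic is allowed.
resource "aws_security_group" "vpc_endpoint" {
  name        = "SG VPC Endpoint"
  description = "Session Manager interface endpoints; ingress 443 from VPC"
  vpc_id      = aws_vpc.lab.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.vpc_cidr]
  }
}
```

Attach aws_security_group.vpc_endpoint to the Session Manager interface endpoints (the ssm, ssmmessages and ec2messages endpoints) and the instance groups to their respective instances. A quick check after apply: `aws ec2 describe-security-groups --filters Name=vpc-id,Values=<vpc-id>` should show no IpPermissions entry for ports 22 or 3389 on either instance group, and the private Windows group's only egress entry should be 443 to 10.10.0.0/16.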