Merge pull request #395 from liatrio/ec2-security-groups
Adding paragraph about using the PoLP in AWS security groups
mcbillings authored Sep 21, 2023
2 parents 66025fc + 226444a commit 569bb9d
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/4-cloud-computing/4.2.2-ec2.md
Expand Up @@ -47,6 +47,8 @@ Through these steps you will build two servers on AWS, one as a Jenkins controll

- This security group is where you will handle port forwarding

> When you're creating a security group, it's important to be mindful of what traffic you're allowing. You should always follow the [Principle of Least Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege) when deciding what traffic you should allow to your instance to reduce the risk of unauthorized users accessing it, even in small-scale projects and exercises like this. In other words, your security groups should always only allow traffic from those who *need* to access your instance.
3. Create a Jenkins controller (*master*) instance and make of note of the Instance ID and Public DNS name.

- Find a CentOS AMI on the marketplace.
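
Review bot: the added quote line is followed directly by "3. Create a Jenkins controller ..." with no blank line between them in this hunk as shown; if the file reads that way, Markdown treats the step as a lazy continuation of the blockquote paragraph, so step 3 renders inside the quote instead of as a list item. Add a blank line after the quote, and consider indenting the quote so it sits under step 2 beside the "port forwarding" bullet rather than interrupting the numbered list. The guidance would also be easier to act on if it named one concrete practice for this exercise, for example limiting the allowed source to your own IP address rather than any address.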