Join Log in
Score:4
laurent avatar Server

Is it worth installing UFW on an AWS EC2 instance?

tj flag
laurent

I would usually run UFW on servers I deploy, however I've just started using AWS and I see they already provide a firewall, allowing to set inbound/outbound rules, etc.

So I'm wondering if it's ever useful to have both the AWS firewall and UFW running at the same time? Or can I drop UFW altogether?

2146
2 + 1
ufw
Tim avatar
gp flag
Tim
What are you trying to achieve? Is your workload particularly sensitive, does it have any compliance requirements like PCI? Defense in depth says you should apply security at multiple layers - eg NACLs, SGs, iptables, etc. In practice I only run security groups for my standard personal workloads, but for sensitive workloads I run everything possible - firewalls, IDS / IPS, Guard Duty, Security Hub, etc.
1
Reply
Colm Bhandal avatar
au flag
Colm Bhandal
Beware if you do enable uwf on an aws instance that you are accessing over SSH. See [this](https://stackoverflow.com/questions/41929267/locked-myself-out-of-ssh-with-ufw-in-ec2-aws). If you are relying on SSH, before enabling uwf then run ``sudo ufw allow OpenSSH``. Otherwise you could get locked out.
0
Reply
Score:5
Anbu Thirugnana Sekar avatar Server
gh flag
Anbu Thirugnana Sekar

As AWS provides firewall/Security groups which are very efficient, I would say and advocate that it is not required to have a additional firewall program such as UFW.

Also, having the UFW would also tend to cause confusion wrt priority of the rules when we have the set up of firewall/iptables/UFW all together which could be understood by referring the following posts.

  1. How to deny IP ranges with ufw?

  2. https://stackoverflow.com/questions/57436758/does-ubuntu-ufw-overrides-amazon-ec2s-security-groups-and-rules

Please update if you have any further queries.

0 + 0
Score:0
avatar Server
de flag
John Malloc

Check out this thread.

Difference between security groups (on AWS) and iptables

I hope it will give you an answer to your question.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.