Score:4

Is it worth installing UFW on an AWS EC2 instance?


I would usually run UFW on servers I deploy; however, I've just started using AWS and I see they already provide a firewall that allows setting inbound/outbound rules, etc.

So I'm wondering if it's ever useful to have both the AWS firewall and UFW running at the same time? Or can I drop UFW altogether?

Tim
What are you trying to achieve? Is your workload particularly sensitive, does it have any compliance requirements like PCI? Defense in depth says you should apply security at multiple layers - e.g. NACLs, SGs, iptables, etc. In practice I only run security groups for my standard personal workloads, but for sensitive workloads I run everything possible - firewalls, IDS / IPS, GuardDuty, Security Hub, etc.
Colm Bhandal
Beware if you do enable ufw on an AWS instance that you are accessing over SSH. See [this](https://stackoverflow.com/questions/41929267/locked-myself-out-of-ssh-with-ufw-in-ec2-aws). If you are relying on SSH, then before enabling ufw run ``sudo ufw allow OpenSSH``. Otherwise you could get locked out.
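A pre-flight check for the SSH lockout described in the comment above, as an added example that is not part of the original thread: it reads the output of `ufw show added` and enables the firewall only once an inbound allow (or limit) rule for SSH exists. The function names and sample rule listings are constructed for illustration, and sshd is assumed to listen on TCP port 22.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: sshd listens on the default TCP port 22.

# Constructed samples of `ufw show added` output.
SAMPLE_WEB_ONLY="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw deny 22/tcp"
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow from 203.0.113.0/24 to any port 22 proto tcp"

# Reads `ufw show added` output on stdin; exit status 0 if an inbound
# allow/limit rule covers TCP port 22, 1 otherwise.
ssh_rule_present() {
    awk '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") && $3 != "out" {
            for (i = 3; i <= NF; i++) {
                # App profile, service name, or explicit TCP port.
                if ($i == "OpenSSH" || $i == "ssh" || $i == "22/tcp") found = 1
                # A bare 22 covers TCP unless the rule is UDP-only.
                if ($i == "22" && $0 !~ /proto udp/) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Adds the SSH rule if it is missing, then enables ufw. Needs root.
safe_enable() {
    if ! ufw show added | ssh_rule_present; then
        ufw allow OpenSSH
    fi
    ufw enable
}

# Only touch the live firewall when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    safe_enable
fi
```

Run it as root with `--apply` to act on the live host. A rule restricted to one source address still counts as present, so confirm it matches the address you connect from.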
Score:5

As AWS provides firewall/Security groups which are very efficient, I would say and advocate that it is not required to have an additional firewall program such as UFW.

Also, having UFW would tend to cause confusion with respect to the priority of the rules when we have the setup of firewall/iptables/UFW all together, which can be understood by referring to the following posts.

  1. How to deny IP ranges with ufw?

  2. https://stackoverflow.com/questions/57436758/does-ubuntu-ufw-overrides-amazon-ec2s-security-groups-and-rules

Please update if you have any further queries.

Score:0

Check out this thread.

Difference between security groups (on AWS) and iptables

I hope it will give you an answer to your question.
