# Security Groups

PREREQUISITES

Adjusting security group permissions has the following prerequisites.

Install AWS CLI.
Ensure your associated IAM user grants the ec2:DescribeSecurityGroups and ec2:AuthorizeSecurityGroupEgress permissions.

If you do not have proper IAM access but need to be added to a private security group please contact an administrator.

# Private HTTP Access

Establishing an HTTP connection to private Solarix resources requires access rights provided by the srn:vpc:solarix::sg/dev-http Security Group.

aws ec2 describe-security-groups --filters Name=tag:srn,Values=srn:vpc:solarix::sg/dev-http \
  --query "SecurityGroups[0].[GroupId]" --output text

This should output an id (e.g. sg-0dba3a38b528b1558).

Add a new ingress rule with tcp protocol, port 80, and your IP address to the matching security group ID:

aws ec2 authorize-security-group-ingress --group-id=<SECURITY_GROUP_ID> --protocol tcp --port 80 --cidr <YOUR_IP>/32

(Optional) If you need HTTPS access then add a second new ingress rule with tcp protocol, port 443, and your IP address to the matching security group ID:

aws ec2 authorize-security-group-ingress --group-id=<SECURITY_GROUP_ID> --protocol tcp --port 443 --cidr <YOUR_IP>/32

Establishing an SSH connection to most Solarix resources requires access rights provided by the srn:vpc:solarix::sg/dev-ssh Security Group.

aws ec2 describe-security-groups --filters Name=tag:srn,Values=srn:vpc:solarix::sg/dev-ssh \
  --query "SecurityGroups[0].[GroupId]" --output text

This should output an id (e.g. sg-0e8fb3035fe472ea1).

Add a new ingress rule with tcp protocol, port 22, and your IP address to the matching security group ID:

aws ec2 authorize-security-group-ingress --group-id=<SECURITY_GROUP_ID> --protocol tcp --port 22 --cidr <YOUR_IP>/32