Should you use iptables with EC2 instances?

You can use ec2-authorize to specify what kind of traffic to allow to your ec2 instance. Is it still a good idea to run iptables, or is that introducing unnecessary complexity?


Some reasons why you might consider activating iptables:

  • can use to block outgoing trojans, e.g. block outgoing smtp 25, and you provide defense against spam trojans
  • what if the Amazon firewall is deactivated for some reason by Amazon by accident?
  • what if the instance is started with an inappropriate security group, or there is an issue with the security group's configuration?

Activating iptables provides defense in depth, and is easy to configure, e.g. with ufw:

sudo ufw default allow   # start permissive so enabling the firewall cannot lock you out
sudo ufw enable
sudo ufw allow 22/tcp    # allow ssh
sudo ufw default deny    # now switch the default (incoming) policy to deny; 22/tcp stays allowed

# sudo ufw allow 80/tcp   # uncomment this line to allow incoming http
# sudo ufw allow 443/tcp  # uncomment this line to allow incoming https

(note: this won't block outgoing smtp, but it does show that getting a basic iptables configuration set up is fairly painless, and then you can tweak this if you like with vi /etc/ufw/*.rules)
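A defense-in-depth firewall is only worth having if you can confirm it does what you think, especially after the "default allow, enable, allow 22, default deny" dance above. The following is an added example (not part of the answer, and not a ufw or Amazon tool): it parses a ruleset in iptables-save format and checks the three properties the answer cares about, that ssh is reachable, that unlisted inbound ports hit a deny policy, and that outbound smtp on port 25 is blocked. The two rule dumps are constructed samples, simplified relative to what ufw actually writes (real ufw dumps jump into ufw-* chains), and the function names are my own.

```python
"""Audit an iptables-save style dump for the defense-in-depth properties
discussed in the answer.  Example code; rule dumps below are constructed."""
import re

# Constructed sample: roughly the answer's ufw rules plus an outbound SMTP block.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT
COMMIT
"""

# Constructed sample: the answer's rules as given, i.e. without the SMTP block.
SAMPLE_NO_SMTP_BLOCK = SAMPLE_RULES.replace(
    "-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT\n", "")


def parse_rules(dump):
    """Return (policies, rules) for the filter table.

    policies: chain name -> default policy (ACCEPT/DROP/...)
    rules:    list of (chain, proto, dport, generic, target); 'generic' is
              False for rules qualified by interface, source or conntrack
              state, which this simplified walker does not evaluate.
    """
    policies, rules, in_filter = {}, [], False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
            continue
        if not in_filter or not line or line == "COMMIT":
            continue
        m = re.match(r"^:(\S+) (\S+)", line)
        if m:
            policies[m.group(1)] = m.group(2)
            continue
        m = re.match(r"^-A (\S+)(.*)-j (\S+)", line)
        if not m:
            continue
        chain, opts, target = m.groups()
        proto = re.search(r"-p (\S+)", opts)
        dport = re.search(r"--dport (\d+)", opts)
        generic = not re.search(r"(-i |-s |--state )", opts)
        rules.append((chain, proto.group(1) if proto else None,
                      int(dport.group(1)) if dport else None, generic, target))
    return policies, rules


def verdict(policies, rules, chain, proto, port):
    """Walk the chain in order: the first generic rule whose proto/port match
    decides; otherwise the chain's default policy applies (ACCEPT if unset)."""
    for c, p, d, generic, target in rules:
        if c != chain or not generic:
            continue
        if p not in (None, proto) or d not in (None, port):
            continue
        return target
    return policies.get(chain, "ACCEPT")


def audit(dump):
    """Check the properties the answer wants from a host firewall on EC2."""
    policies, rules = parse_rules(dump)
    deny = ("DROP", "REJECT")
    return {
        "ssh_allowed": verdict(policies, rules, "INPUT", "tcp", 22) == "ACCEPT",
        # probe an arbitrary unlisted port to confirm the deny default
        "input_default_deny": verdict(policies, rules, "INPUT", "tcp", 3306) in deny,
        "smtp_out_blocked": verdict(policies, rules, "OUTPUT", "tcp", 25) in deny,
    }


if __name__ == "__main__":
    # On a live box you would feed in: sudo iptables-save
    for name, dump in (("with smtp block", SAMPLE_RULES),
                       ("answer's rules only", SAMPLE_NO_SMTP_BLOCK)):
        print(name, audit(dump))
```

Running it against the second sample reproduces the answer's own caveat: the ufw commands as given leave smtp_out_blocked false, because the OUTPUT chain still has an ACCEPT policy and nothing rejects port 25. On a real instance, pipe `sudo iptables-save` into `audit` rather than the constructed strings, and expect to extend `verdict` if your rules rely on interface or conntrack matches, which this walker deliberately skips.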