Difference between security groups (on AWS) and iptables

linux nginx amazon-web-services security-groups

Solution 1:

As Tim told in comment, UFW is the frontend to iptables, so you should really compare iptables capabilities with Amazon Security Groups.

For me main SG advantage is integration to AWS infrastructure. It allows you to build entire stack using Amazon CloudFormation, get details about opened/closed ports/addresses via API etc. Disadvantages - it's vendor-locked, meaning you will need to redo everything if you decide to change hosting provider.

First of all, check Amazon VPC limits. If your rules count is within limits and your case doesn't require anything special like NAT implemented by iptables, it's sufficient to use Amazon SG only and leave UFW open. You can check this question as well for more details: Why have both security groups and iptables on Amazon EC2?

Related

DKIM: Can I use a RSA key larger than 2048bit, i.e. 4096?
Sending logs to Graylog2 server
Confused by CPU values in Unix 'top' command
Can't establish VPC peering connection from Amazon Lightsail
Benefits of using a subdomain for sending email?
GoDaddy SSL Certificate Issues With Safari
What happens when I change a Name Server record or an A record in the Zone file or the DNS settings?
RemoteApp .rdp embed creds?
Using tsconfig/tsadmin in Windows Server 2012 locally
Anonymous file sharing without login window, from Windows 7 server to XP clients
How can I backup multi-gigabyte databases in MySQL? Bonus points for speedier restores
Is it a security risk to run my crontab jobs as root?