Security Group Rule Builder

Design AWS security group rules with presets for common stacks. Add inbound and outbound rules, set protocols and CIDRs, then export as CloudFormation JSON or Terraform HCL.

Direction | Protocol | From Port | To Port | Source / Dest CIDR | Description

CloudFormation JSON

{
  "webserversg": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
      "GroupDescription": "webserversg security group",
      "VpcId": {
        "Ref": "VpcId"
      },
      "SecurityGroupIngress": [
        {
          "IpProtocol": "tcp",
          "CidrIp": "0.0.0.0/0",
          "Description": "HTTPS",
          "FromPort": 443,
          "ToPort": 443
        }
      ]
    }
  }
}

Best practices

  • ✔ Never open SSH (22) to 0.0.0.0/0 in production. Restrict to your IP.
  • ✔ Use separate security groups for web, app, and database tiers.
  • ✔ Prefer specific port ranges over allowing all traffic.
  • ✔ Add descriptions to every rule for audit trail clarity.
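
The checks above can be run against an exported template before it is deployed. The following is an added example, not part of the tool: it lints the SecurityGroupIngress rules of a CloudFormation resources object for three of the four practices (world-open SSH, all-ports or all-protocol rules, missing descriptions). The finding names, the "legacysg" group and its rules are constructed for illustration.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}  # any-source CIDRs (IPv4, IPv6)

def lint_rule(rule):
    """Return the best-practice findings for one ingress rule."""
    findings = []
    proto = str(rule.get("IpProtocol", ""))
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    # "-1" means every protocol; 0-65535 means every port of one protocol.
    all_ports = proto == "-1" or (lo, hi) == (0, 65535)
    world = rule.get("CidrIp") in WORLD or rule.get("CidrIpv6") in WORLD
    covers_ssh = all_ports or (
        proto in ("tcp", "6") and lo is not None and hi is not None
        and lo <= 22 <= hi)
    if world and covers_ssh:
        findings.append("ssh-open-to-world")
    if all_ports:
        findings.append("all-ports-or-protocols")
    if not str(rule.get("Description", "")).strip():
        findings.append("missing-description")
    return findings

def lint_template(resources):
    """Map 'LogicalId[index]' to findings for every flagged ingress rule."""
    report = {}
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        for i, rule in enumerate(rules):
            found = lint_rule(rule)
            if found:
                report[f"{name}[{i}]"] = found
    return report

# Constructed sample: the page's webserversg rule plus a hypothetical legacysg.
SAMPLE = json.loads("""
{"webserversg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
   "SecurityGroupIngress": [
     {"IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "Description": "HTTPS",
      "FromPort": 443, "ToPort": 443}]}},
 "legacysg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
   "SecurityGroupIngress": [
     {"IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": 22, "ToPort": 22},
     {"IpProtocol": "-1", "CidrIp": "10.0.0.0/16", "Description": "internal"}]}}}
""")

if __name__ == "__main__":
    for where, found in lint_template(SAMPLE).items():
        print(where, ", ".join(found))
```

The HTTPS rule from the export above passes cleanly; only the two constructed legacysg rules are reported.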
