What are the default security group settings in Turbot?

Turbot has default configurations for the Default Security Group for both ingress and egress rules when a Network is being created. These configurations can be changed during the Network creation process or updated after the fact through the Turbot API.

When customers configure their own Default Security Group rules, the defaults are no longer visible. For reference, the following configurations are used as the default configurations for the Default Security Group ingress and egress rules in Turbot:

Ingress Rules:

# ICMP (e.g. ping) from Intranet for
# troubleshooting
- from: intranet
  ipProtocol: icmp
  fromPort: -1
  toPort: -1

# SSH from Bastion
- from: bastion
  ipProtocol: tcp
  fromPort: 22
  toPort: 22

# Windows RDP from Bastion
- from: bastion
  ipProtocol: tcp
  fromPort: 3389
  toPort: 3389

# Windows Remote Management (WinRM over HTTP) from Bastion
- from: bastion
  ipProtocol: tcp
  fromPort: 5985
  toPort: 5985

Egress Rules:

# Any VPC resource can try connecting on any
# port to any other VPC resource.
# Note: VPC resources block inbound connections
# on most ports even from other VPC resources.
- to: vpc
  ipProtocol: -1
  fromPort: -1

# ICMP to anywhere for troubleshooting
- to: internet
  ipProtocol: icmp
  fromPort: -1

# HTTP to anywhere
- to: internet
  fromPort: 80

# HTTPS to anywhere
- to: internet
  fromPort: 443

# DNS to any DNS server
- to: internet
  fromPort: 53
- to: internet
  ipProtocol: udp
  fromPort: 53

# NTP to any NTP server
- to: internet
  ipProtocol: udp
  fromPort: 123

# Active Directory - Samba
- to: intranet
  fromPort: 445

# Active Directory - Kerberos
- to: intranet
  fromPort: 88
- to: intranet
  ipProtocol: udp
  fromPort: 88

# Active Directory - LDAP
- to: intranet
  fromPort: 389
- to: intranet
  ipProtocol: udp
  fromPort: 389

# Active Directory - LDAPS
- to: intranet
  fromPort: 636

# Active Directory - Global Catalog
- to: intranet
  fromPort: 3268
  toPort: 3269

# Active Directory - RPC
- to: intranet
  fromPort: 135
- to: intranet
  ipProtocol: udp
  fromPort: 135

# Active Directory - NTP
- to: intranet
  ipProtocol: udp
  fromPort: 123
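The abbreviated rule form above leaves ipProtocol and toPort implicit on many egress entries, so before reviewing the rules or translating them into EC2 security group permissions it helps to normalise them. The following Python is an added example, not Turbot's code or API: it parses rules in the article's shape without a YAML dependency, fills in the implicit fields (the assumption that a missing ipProtocol means tcp and a missing toPort equals fromPort is this example's reading of the abbreviated form, not documented Turbot behaviour), flags rules that would widen the defaults towards the internet, and renders a rule as an EC2 IpPermissions entry. The peer-to-CIDR mapping and the two "bad" rules in the sample input are constructed for illustration.

```python
import re

# Constructed sample input: rules in the article's shape, plus one constructed
# risky rule per direction so the audit has something to report.
SAMPLE_INGRESS = """\
# SSH from Bastion
- from: bastion
  ipProtocol: tcp
  fromPort: 22
  toPort: 22

# Constructed bad rule: SSH open to the whole internet
- from: internet
  fromPort: 22
"""

SAMPLE_EGRESS = """\
# Any VPC resource can try any port on any other VPC resource
- to: vpc
  ipProtocol: -1
  fromPort: -1

# HTTPS to anywhere
- to: internet
  fromPort: 443

# Constructed bad rule: unrestricted egress to the internet
- to: internet
  ipProtocol: -1
  fromPort: -1
"""

# Assumed mapping of the article's peer names to CIDRs; purely illustrative.
PEER_CIDRS = {
    "bastion": "10.0.0.0/28",
    "intranet": "10.0.0.0/8",
    "vpc": "10.1.0.0/16",
    "internet": "0.0.0.0/0",
}

ADMIN_PORTS = {22, 3389, 5985, 5986}  # SSH, RDP, WinRM HTTP/HTTPS


def parse_rules(text):
    """Parse the flat 'key: value' rule list used in the article (no PyYAML).

    A line starting with '- ' opens a new rule; indented lines add fields to
    it; '#' starts a comment. Integer values (including -1) become ints.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^(-\s+)?(\w+):\s*(\S+)$", line)
        if not match:
            raise ValueError(f"unrecognised rule line: {raw!r}")
        starts_rule, key, value = match.groups()
        if starts_rule:
            rules.append({})
        try:
            value = int(value)
        except ValueError:
            pass
        rules[-1][key] = value
    return rules


def normalize(rule):
    """Fill in the fields the abbreviated form leaves implicit.

    Assumption (this example's, not documented Turbot behaviour): a missing
    ipProtocol means tcp and a missing toPort equals fromPort.
    """
    proto = rule.get("ipProtocol", "tcp")
    from_port = rule.get("fromPort", -1)
    to_port = rule.get("toPort", from_port)
    peer = rule.get("from", rule.get("to"))
    return {"peer": peer, "protocol": proto,
            "from_port": from_port, "to_port": to_port}


def covers_port(rule, port):
    """True if a normalised rule admits the given port over tcp or udp."""
    if rule["protocol"] == -1:
        return True                       # all protocols, all ports
    if rule["protocol"] not in ("tcp", "udp"):
        return False                      # icmp and friends have no ports
    if rule["from_port"] == -1:
        return True                       # all ports of that protocol
    return rule["from_port"] <= port <= rule["to_port"]


def audit(ingress_text, egress_text):
    """Return findings for rules that widen the defaults towards the internet."""
    findings = []
    for rule in map(normalize, parse_rules(ingress_text)):
        if rule["peer"] != "internet":
            continue
        if rule["protocol"] == -1:
            findings.append("ingress: all traffic from internet")
            continue
        for port in sorted(ADMIN_PORTS):
            if covers_port(rule, port):
                findings.append(f"ingress: admin port {port} open to internet")
    for rule in map(normalize, parse_rules(egress_text)):
        if rule["peer"] == "internet" and rule["protocol"] == -1:
            findings.append("egress: unrestricted egress to internet")
    return findings


def to_ip_permission(rule, peer_cidrs=PEER_CIDRS):
    """Render a normalised rule as one EC2 IpPermissions entry.

    EC2 expresses 'all protocols' as IpProtocol "-1"; the port fields are
    omitted in that case.
    """
    perm = {"IpProtocol": str(rule["protocol"]),
            "IpRanges": [{"CidrIp": peer_cidrs[rule["peer"]]}]}
    if rule["protocol"] != -1:
        perm["FromPort"] = rule["from_port"]
        perm["ToPort"] = rule["to_port"]
    return perm


if __name__ == "__main__":
    for finding in audit(SAMPLE_INGRESS, SAMPLE_EGRESS):
        print(finding)
    for rule in map(normalize, parse_rules(SAMPLE_EGRESS)):
        print(to_ip_permission(rule))
```

Run against the sample input the audit reports the constructed SSH-from-internet ingress and the constructed all-traffic egress and nothing else; the article's own rules, fed through the same functions, produce no findings because every ingress peer is bastion or intranet and the only protocol -1 egress is scoped to vpc.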
