AWS security group limits Q&A

Here are a few questions that I asked AWS regarding the security group limits, together with their answers. I'd just like to share them with more people here:


1) Q: By default, the limit is 50 for both inbound and outbound (giving 100 rules in total). Is it possible to set a different limit for inbound and outbound? For example, a limit of 80 for inbound and 20 for outbound (still giving 100 combined rules).

A: Unfortunately no. Inbound and outbound traffic are processed separately, so the limit is set for each of them separately, and the limits for inbound and outbound rules are always the same: when you update the limit, it applies to both inbound and outbound.

2) Q: Is the limit a global setting, or can it be set on a particular security group?

A: The limit is a regional setting; it applies to all the security groups in the same region.

3) Q: If it is a global setting, will it impact the existing security groups? For example, I decrease the inbound limit to 30, but there is already a security group with 40 inbound rules. What will happen?

A: Before applying to decrease the inbound limit to 30, you need to make sure you don't currently have any security groups with more than 30 rules. If you have security groups with 40 rules, the change cannot be made; you'll be asked to delete or modify the security groups which do not meet the requirement.

4) Q: Each NIC has a maximum of 250 rules (the product of the limit of security groups per NIC and the limit of rules per security group). Is it a global setting as well? If so, will the change impact the existing ones which violate the limits?

A: The maximum of 250 rules is a global hard limit. Exceeding the 250 rules per interface limit can have a negative impact on performance, not only for your instances but also for any other customers' instances running on the same underlying hardware. And, similar to what was discussed in question 3, you have to make sure all your existing security groups do not violate the limit after the change before applying for the change on limits. I hope this helps; please do feel free to come back to us at any time if you need further assistance.
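Answers 3 and 4 both come down to the same pre-check: before asking AWS to lower the per-group limit, confirm no group in the region already exceeds the new value, and confirm that the groups attached to any one interface do not add up past the 250-rule hard limit. The script below is an added example, not part of the original post and not an AWS tool. It works on data in the shape the EC2 API returns (`describe_security_groups` and `describe_network_interfaces`) and embeds constructed sample data with made-up IDs so it runs offline; `fetch_live` pulls the real data with boto3 when you want to run it against an account. Two assumptions: rules are counted the way the console lists them (one per source or destination entry inside each protocol/port entry), and the 250 per-interface limit is taken per direction, since it is the product of two per-direction limits.

```python
"""Pre-check security group rule counts before requesting a lower limit.

Added example, not from the original post or from AWS. Input is shaped like
the EC2 API responses; the counting model is an assumption (see lead-in).
"""
from typing import Dict, Iterable, List

# Hard limit quoted by AWS support in question 4, applied here per direction.
MAX_RULES_PER_INTERFACE = 250


def count_rules(permissions: List[dict]) -> int:
    """Count rules in an IpPermissions / IpPermissionsEgress list: one per
    IPv4 CIDR, IPv6 CIDR, prefix list or referenced group in each entry."""
    total = 0
    for perm in permissions:
        for key in ("IpRanges", "Ipv6Ranges", "PrefixListIds", "UserIdGroupPairs"):
            total += len(perm.get(key, []))
    return total


def rule_counts(security_groups: Iterable[dict]) -> Dict[str, Dict[str, int]]:
    """Map each GroupId to its inbound and outbound rule counts."""
    return {
        sg["GroupId"]: {
            "inbound": count_rules(sg.get("IpPermissions", [])),
            "outbound": count_rules(sg.get("IpPermissionsEgress", [])),
        }
        for sg in security_groups
    }


def groups_over_limit(security_groups: Iterable[dict], new_limit: int) -> Dict[str, Dict[str, int]]:
    """Groups that would block a request to lower the per-group limit (question 3).
    The limit applies to both directions, so either one above new_limit counts."""
    return {
        gid: c for gid, c in rule_counts(security_groups).items()
        if c["inbound"] > new_limit or c["outbound"] > new_limit
    }


def interface_rule_totals(interface: dict, counts: Dict[str, Dict[str, int]]) -> Dict[str, int]:
    """Rules applied to one interface per direction: the sum over its groups (question 4)."""
    totals = {"inbound": 0, "outbound": 0}
    for group in interface.get("Groups", []):
        gid = group["GroupId"]
        if gid not in counts:
            raise KeyError(f"no rule counts for {gid}")
        for direction in totals:
            totals[direction] += counts[gid][direction]
    return totals


def interfaces_over_hard_limit(interfaces: Iterable[dict], counts: Dict[str, Dict[str, int]],
                               hard_limit: int = MAX_RULES_PER_INTERFACE) -> Dict[str, Dict[str, int]]:
    """Interfaces whose attached groups together exceed hard_limit in either direction."""
    over = {}
    for eni in interfaces:
        totals = interface_rule_totals(eni, counts)
        if max(totals.values()) > hard_limit:
            over[eni["NetworkInterfaceId"]] = totals
    return over


def fetch_live(region: str):
    """Pull real data with boto3 (imported here so everything else runs offline)."""
    import boto3  # type: ignore
    ec2 = boto3.client("ec2", region_name=region)
    sgs = [sg for page in ec2.get_paginator("describe_security_groups").paginate()
           for sg in page["SecurityGroups"]]
    enis = [eni for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for eni in page["NetworkInterfaces"]]
    return sgs, enis


def _cidr_entry(n: int, port: int) -> dict:
    """Constructed helper: one TCP port entry with n IPv4 CIDR sources."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": f"10.0.{i}.0/24"} for i in range(n)]}


# Constructed sample data in the API's shape; all IDs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-00000000000000aaa",
     "IpPermissions": [_cidr_entry(40, 443)],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-00000000000000bbb",
     "IpPermissions": [_cidr_entry(10, 22),
                       {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "UserIdGroupPairs": [{"GroupId": "sg-00000000000000aaa"}],
                        "PrefixListIds": [{"PrefixListId": "pl-00000example"}]}],
     "IpPermissionsEgress": [_cidr_entry(3, 443)]},
]
SAMPLE_INTERFACES = [
    {"NetworkInterfaceId": "eni-00000000000000001",
     "Groups": [{"GroupId": "sg-00000000000000aaa"}, {"GroupId": "sg-00000000000000bbb"}]},
]

if __name__ == "__main__":
    counts = rule_counts(SAMPLE_GROUPS)
    print("groups blocking a decrease to 30:", groups_over_limit(SAMPLE_GROUPS, 30))
    print("interfaces over the hard limit:", interfaces_over_hard_limit(SAMPLE_INTERFACES, counts))
```

With the sample data, the 40-rule group is reported as blocking a decrease to 30 (matching the scenario in question 3), while the single interface totals 52 inbound and 4 outbound rules, well under the 250 hard limit. Against a real account, call `fetch_live(region)` and pass its two results through the same functions; the raised `KeyError` in `interface_rule_totals` flags an interface referencing a group that was not in the describe output, which is worth investigating rather than silently skipping.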
