TechOps Examples

Hey — It's Govardhana MK 👋

Welcome to another technical edition.

Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.

Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities and articles.

Top engineers at Anthropic and OpenAI say AI now writes 100% of their code.

If you're not using AI, you're spending 40 hours doing what they do in 4.

These 100+ Claude Code hacks fix that and help you ship 10x faster.

Sign up for The Code and get:

🛠 TOOL OF THE DAY

Kluctl - Unifies complex Kubernetes deployments into a single declarative framework.

  • Integrates with Helm and Kustomize.​

  • Supports diffs and dry runs.​

  • Facilitates GitOps workflows.​

🧠 USE CASE

Understanding AWS Security Groups

AWS Security Groups (SGs) are stateful firewalls controlling inbound and outbound traffic at the instance level. Security Groups attach directly to EC2 instances, RDS, ALB, Lambda (in VPC), etc.

By default:

  • All inbound traffic is blocked. You must explicitly allow it.

  • All outbound traffic is allowed. Unless you restrict it.

Since SGs are stateful, if an inbound request is allowed, the response is automatically allowed (you don’t need an outbound rule for responses)

Every rule in a Security Group has the following technical parameters:

Field

Description

Protocol

Eg Value: TCP, UDP, ICMP, All

Defines the network protocol

Port Range

Eg Value: 22 (SSH), 80 (HTTP), 443 (HTTPS)

Specific port(s) to allow

Source/Destination

Eg Value: 192.168.1.10/32, sg-12345678

The IP, CIDR, or another SG allowed to communicate

Description

Eg Value: Allow SSH from Office

(Optional) Useful for tracking

Security Groups can reference other Security Groups instead of IPs. This is critical when working with multiple tiers (Load Balancer → App Server → Database)

Use Case: ALB to Web Server
  • Instead of exposing your Web Server to 0.0.0.0/0, allow only traffic from the ALB’s SG.

  • This way, only traffic from the ALB is allowed.

Why? If the ALB’s IP changes, the rule still works because it references an SG dynamically.

Debugging Security Group Issues

1. Check Security Group Rules
aws ec2 describe-security-groups --group-ids sg-12345678

Look for missing rules if traffic isn’t working.

2. Check if the Instance is Associated with the Right SG
aws ec2 describe-instances --query 'Reservations[].Instances[].SecurityGroups'

An instance can have multiple Security Groups, ensure the right one is attached.

3. Use VPC Flow Logs to Detect Blocked Traffic
  • If traffic never reaches your instance → Wrong Security Group rule.

  • If the request reaches but gets no response → Application issue.

Things to Remember:

Use Security Groups, not static IPs in rules.
Avoid “allow all” rules (0.0.0.0/0) unless necessary.
Don’t allow 0.0.0.0/0 inbound for SSH or databases.
Use IAM roles for permissions, not security groups alone.
Regularly audit SGs to remove unused or overly permissive rules.
Only allow necessary ports (e.g., SSH from a trusted IP, HTTP from the internet).

My 2 cents:

Security Groups are not just allow/deny rules. They’re dynamic, stateful, and critical for AWS security.

So keep them tight, specific, and regularly reviewed.

I run a DevOps and Cloud consulting agency and have helped 17+ businesses, including Stanford, Hearst Corporation, CloudTruth, and more.

When your business needs my services, book a free 1:1 business consultation.

Looking to promote your company, product, service, or event to 40,000+ Cloud Native Professionals? Let's work together.

Keep Reading