Hints — EC2 Security Groups - Lab 01
Open each hint only after you’ve spent time investigating on your own.
Hint 1 — Where to look
The instance is running and Apache is installed. The browser request never even reaches the server — it times out completely.
In EC2, all inbound traffic is blocked by default unless explicitly allowed. What controls inbound traffic to an EC2 instance?
Navigate to the EC2 console, select your instance, and look at the Security tab.
Hint 2 — Read the security group rules
Click on the security group attached to your instance. Open the Inbound rules tab.
What ports are currently allowed? Is port 80 (HTTP) listed?
Hint 3 — What needs to be added
Security groups are deny-by-default. Traffic on port 80 (HTTP) must be explicitly allowed before web browsers can reach your server.
You need to add an inbound rule that allows TCP traffic on port 80.
Spoiler Alert — Full Solution
Root cause: The security group attached to the instance has no inbound rule for port 80 (HTTP). EC2 security groups block all inbound traffic by default — only ports with explicit allow rules can receive traffic. The browser request times out because it is silently dropped at the security group before reaching Apache.
To fix:
- Open the EC2 console and go to Security Groups
- Select the security group named brokenlabs-ec2-lab-01-sg
- Click Edit inbound rules
- Click Add rule
- Set Type to HTTP (port 80 fills in automatically), Source to 0.0.0.0/0
- Click Save rules
- Reload the WebPageURL in your browser — the AWS Broken Labs page should appear
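
The deny-by-default evaluation described in the root cause can be reproduced offline. This is an added example, not part of the lab: it checks inbound rules in the IpPermissions shape returned by aws ec2 describe-security-groups. The SSH rule, the client address, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of `IpPermissions` from
# `aws ec2 describe-security-groups`; values are illustrative, not from the lab.
BROKEN_SG = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]
FIXED_SG = BROKEN_SG + [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def rule_matches(rule, protocol, port, source_ip):
    """Return True if one inbound rule allows this protocol/port/source."""
    proto = rule.get("IpProtocol")
    if proto != "-1":  # "-1" means all protocols and all ports
        if proto != protocol:
            return False
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def inbound_allowed(permissions, protocol, port, source_ip):
    """Deny by default: traffic passes only if some rule explicitly allows it."""
    return any(rule_matches(r, protocol, port, source_ip) for r in permissions)


def world_open_ports(permissions):
    """List (from, to) TCP port ranges reachable from 0.0.0.0/0, for review."""
    found = []
    for r in permissions:
        if any(x["CidrIp"] == "0.0.0.0/0" for x in r.get("IpRanges", [])):
            if r["IpProtocol"] == "-1":
                found.append((0, 65535))
            elif r["IpProtocol"] == "tcp":
                found.append((r["FromPort"], r["ToPort"]))
    return found


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed browser address
    print("before fix:", inbound_allowed(BROKEN_SG, "tcp", 80, client))
    print("after fix: ", inbound_allowed(FIXED_SG, "tcp", 80, client))
    print("open to the internet:", world_open_ports(FIXED_SG))
```

After the fix, world_open_ports should list only port 80; any other range it reports as open to 0.0.0.0/0 deserves a second look.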