- Ansible 2 Cloud Automation Cookbook
- Aditya Patawari Vikas Aggarwal
- 2021-06-24 18:43:37
How it works...
Here we have used variables registered from previous tasks to pass the VPC ID as an input (vpc_id). This task creates a security group named my_first_sg. The rules parameter defines all ingress policies and, similarly, rules_egress defines the outbound policies. Every block inside the ingress rules requires four key pieces of information: the protocol (TCP, UDP, or ICMP), the start of the port range (from_port), the end of the port range (to_port), and the source CIDR to allow. For every protocol other than ICMP these two values define a port range; for ICMP they carry the ICMP type and code instead. For example, 8 is the ICMP echo request type, and -1 is a wildcard (that is, any ICMP type number). We have allowed ports 80 and 443 from anywhere, that is 0.0.0.0/0, but port 22 (the default port for SSH connections) and all ICMP requests are reachable only from the CIDR address space of our VPC.
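As an added example (not part of the book's recipe), the following Python expresses the ingress rules described above in the shape the ec2_group module expects and checks them before the play runs: every rule carries the four required keys, TCP/UDP ranges are well formed, and SSH or wildcard ICMP is never exposed beyond the VPC. The VPC CIDR 10.0.0.0/16 and the rule dictionaries are constructed here for illustration.

```python
import ipaddress

# Constructed example: the ingress rules described above, in the shape the
# Ansible ec2_group module expects (proto / from_port / to_port / cidr_ip).
VPC_CIDR = "10.0.0.0/16"  # assumed VPC address space
INGRESS_RULES = [
    {"proto": "tcp", "from_port": 80, "to_port": 80, "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 443, "to_port": 443, "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": VPC_CIDR},
    # For ICMP, from_port carries the ICMP type and to_port the ICMP code;
    # -1 is a wildcard, so -1/-1 admits every ICMP message.
    {"proto": "icmp", "from_port": -1, "to_port": -1, "cidr_ip": VPC_CIDR},
]

REQUIRED_KEYS = {"proto", "from_port", "to_port", "cidr_ip"}
# Administrative ports that must stay inside the VPC address space.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}


def check_ingress_rules(rules, vpc_cidr=VPC_CIDR):
    """Return a list of findings; an empty list means the rule set follows
    the policy described above (80/443 public, 22 and ICMP VPC-only)."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc_cidr)
    for idx, rule in enumerate(rules):
        missing = REQUIRED_KEYS - rule.keys()
        if missing:
            findings.append(f"rule {idx}: missing keys {sorted(missing)}")
            continue
        src = ipaddress.ip_network(rule["cidr_ip"])
        inside_vpc = src.version == vpc_net.version and src.subnet_of(vpc_net)
        if rule["proto"] == "icmp":
            # A wildcard ICMP type is only acceptable from inside the VPC.
            if rule["from_port"] == -1 and not inside_vpc:
                findings.append(f"rule {idx}: any-ICMP allowed from {src}")
            continue
        lo, hi = rule["from_port"], rule["to_port"]
        if lo > hi:
            findings.append(f"rule {idx}: from_port {lo} > to_port {hi}")
            continue
        for port, name in ADMIN_PORTS.items():
            if lo <= port <= hi and not inside_vpc:
                findings.append(f"rule {idx}: {name} ({port}) open to {src}")
    return findings
```

Run the check against the rendered rules in a pre-task (or in CI) and fail the play if it returns any findings.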