网络安全组配置指南：AWS、K8s、GCP防火墙规则与最佳实践

network-security-groups by aj-geddes/useful-ai-prompts

141 周安装量

162 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill network-security-groups

云服务开发运维安全

🇨🇳中文介绍

网络安全组

概述

实施网络安全组和防火墙规则，以强制执行最小权限访问、划分网络段，并保护基础设施免受未经授权的访问。

使用场景

入站流量控制
出站流量过滤
网络分段
零信任网络
DDoS 缓解
数据库访问限制
VPN 访问控制
多层应用程序安全

快速开始

最小工作示例：

# aws-security-groups.yaml
Resources:
  # VPC Security Group
  VPCSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: VPC security group
      VpcId: vpc-12345678
      SecurityGroupIngress:
        # Allow HTTP from anywhere
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          Description: "HTTP from anywhere"

        # Allow HTTPS from anywhere
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: "HTTPS from anywhere"

        # Allow SSH from admin network only
        - IpProtocol: tcp
// ... (see reference guides for full implementation)

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

指南	内容
AWS Security Groups	AWS 安全组
Kubernetes Network Policies	Kubernetes 网络策略
GCP Firewall Rules	GCP 防火墙规则
Security Group Management Script	安全组管理脚本

🇺🇸English

Network Security Groups

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Implement network security groups and firewall rules to enforce least privilege access, segment networks, and protect infrastructure from unauthorized access.

When to Use

Inbound traffic control
Outbound traffic filtering
Network segmentation
Zero-trust networking
DDoS mitigation
Database access restriction
VPN access control
Multi-tier application security

Quick Start

Minimal working example:

# aws-security-groups.yaml
Resources:
  # VPC Security Group
  VPCSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: VPC security group
      VpcId: vpc-12345678
      SecurityGroupIngress:
        # Allow HTTP from anywhere
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          Description: "HTTP from anywhere"

        # Allow HTTPS from anywhere
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: "HTTPS from anywhere"

        # Allow SSH from admin network only
        - IpProtocol: tcp
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
AWS Security Groups	AWS Security Groups
Kubernetes Network Policies	Kubernetes Network Policies
GCP Firewall Rules	GCP Firewall Rules
Security Group Management Script	Security Group Management Script

Best Practices

✅ DO

Implement least privilege access
Use security groups for segmentation
Document rule purposes
Regularly audit rules
Separate inbound and outbound rules
Use security group references
Monitor rule changes
Test access before enabling

❌ DON'T

Allow 0.0.0.0/0 for databases
Open all ports unnecessarily
Mix environments in single SG
Ignore egress rules
Allow all protocols
Forget to document rules
Use single catch-all rule
Deploy without firewall

Weekly Installs

Repository

aj-geddes/usefu…-prompts

GitHub Stars

116

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode82

gemini-cli80

codex79

claude-code79

cursor74

github-copilot65

网络安全组配置指南：AWS、K8s、GCP防火墙规则与最佳实践

🇨🇳中文介绍

网络安全组

目录

概述

使用场景

快速开始

相关 Skills

参考指南

最佳实践

✅ 建议做法

❌ 避免做法