Concepts
A security group is a named collection of access rules. These access rules specify which ingress (i.e., incoming) network traffic should be delivered to your instance. All other ingress traffic will be discarded.
You can modify rules for a group at any time. The new rules are automatically enforced for all running instances and instances launched in the future.
Note: You can create up to 100 rules per group.
When you launch an AMI instance, you can assign it to as many groups as you like.
If no groups are specified, the instance is assigned to the default group. By default, this group allows all network traffic from other members of this group and discards traffic from other IP addresses and groups. If this does not meet your needs, you can modify the rule settings of the default group.
The access rules define source-based access, either for named security groups or for IP addresses (i.e., CIDR-based rules). For CIDR-based rules, you can also specify the protocol and port range (or ICMP type/code).
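The evaluation semantics described above, modeled in Python as an added example (not AWS code and not part of the original page): ingress is delivered only if a group-based or CIDR-based rule matches, and is discarded otherwise. The names `ingress_allowed`, `CidrRule`, `GroupRule`, the `web` group and the sample addresses are assumptions made for illustration, and ICMP type/code matching is left out.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_RULES_PER_GROUP = 100  # limit stated in the note above

@dataclass(frozen=True)
class CidrRule:
    cidr: str        # source range, e.g. "203.0.113.0/24"
    protocol: str    # "tcp" or "udp" (ICMP type/code is not modeled here)
    from_port: int
    to_port: int

@dataclass(frozen=True)
class GroupRule:
    source_group: str  # admits all traffic from members of this group

@dataclass
class SecurityGroup:
    name: str
    rules: list = field(default_factory=list)

    def add(self, rule):
        if len(self.rules) >= MAX_RULES_PER_GROUP:
            raise ValueError(f"{self.name}: rule limit reached")
        self.rules.append(rule)

def ingress_allowed(dest_groups, src_ip, src_groups, protocol, port):
    """Return True if any rule in any of the destination's groups matches."""
    addr = ipaddress.ip_address(src_ip)
    for group in dest_groups:  # an instance may belong to several groups
        for rule in group.rules:
            if isinstance(rule, GroupRule):
                if rule.source_group in src_groups:
                    return True
            elif (rule.protocol == protocol
                  and rule.from_port <= port <= rule.to_port
                  and addr in ipaddress.ip_network(rule.cidr)):
                return True
    return False  # no rule matched: the traffic is discarded

# Constructed sample: the default group as described above, plus a
# hypothetical "web" group that admits HTTP from one documentation range.
default = SecurityGroup("default", [GroupRule("default")])
web = SecurityGroup("web")
web.add(CidrRule("203.0.113.0/24", "tcp", 80, 80))
```

Calling `ingress_allowed([default, web], "203.0.113.9", set(), "tcp", 80)` shows a CIDR rule admitting traffic that the default group alone would discard.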