How to Add Rules to the Default Security Group
Before you can log in to an instance, you must authorize access.
This section describes how to add rules that allow HTTP access on port 80, SSH access on port 22, and Remote Desktop (RDP) access on port 3389. This enables the instance to be reached on port 80 from the Internet and enables you to administer the instance over SSH or RDP.
AWS Management Console
To authorize access to your instance
- Log in to the AWS Management Console and click the Amazon EC2 tab.
- Click Security Groups in the Navigation pane.
  The console displays a list of security groups that belong to the account.
- Select the default security group.
  Its rules appear in the lower pane.
- To add the HTTP rule, enter the following:
  - Select HTTP from the Connection Method list box.
  - Select TCP from the Protocol list box.
  - Enter 80 in the From Port and To Port fields.
  - Enter 0.0.0.0/0 in the Source field.
  Then, click Save.
- To add the SSH rule, enter the following:
  - Select SSH from the Connection Method list box.
  - Select TCP from the Protocol list box.
  - Enter 22 in the From Port and To Port fields.
  - Enter your public IP address in the Source field.
  Then, click Save.
- To add the RDP rule, enter the following:
  - Select RDP from the Connection Method list box.
  - Select TCP from the Protocol list box.
  - Enter 3389 in the From Port and To Port fields.
  - Enter your public IP address in the Source field.
  Then, click Save.
Command Line Tools
To authorize access to your instance
- Enter the ec2-authorize commands.

    PROMPT> ec2-authorize default -p 22 -s your-public-ip-address/32
    PERMISSION default ALLOWS tcp 22 22 FROM CIDR your-public-ip-address/32
    PROMPT> ec2-authorize default -p 3389 -s your-public-ip-address/32
    PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR your-public-ip-address/32
    PROMPT> ec2-authorize default -p 80
    PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0

Because we didn't specify otherwise, your instance was launched in your default group. The first command authorizes network access to instances in your default group on the standard SSH port (22). Similarly, the second command opens up the standard RDP port (3389), and the third opens up the standard HTTP port (80).
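
A check that can be run over the PERMISSION lines these commands print, added here as an example and not part of the original documentation: it flags any rule that leaves SSH (22) or RDP (3389) reachable from more than a single address, which the steps above avoid by using your-public-ip-address/32. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Ports this page restricts to the administrator's own address.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Matches the PERMISSION line format shown on this page.
PERMISSION_RE = re.compile(
    r"^PERMISSION\s+(?P<group>\S+)\s+ALLOWS\s+(?P<proto>\S+)\s+"
    r"(?P<lo>\d+)\s+(?P<hi>\d+)\s+FROM\s+CIDR\s+(?P<cidr>\S+)$"
)

def parse_permissions(text):
    """Return one dict per well-formed PERMISSION line; skip anything else."""
    rules = []
    for line in text.splitlines():
        m = PERMISSION_RE.match(line.strip())
        if m:
            rules.append({
                "group": m["group"],
                "proto": m["proto"],
                "ports": range(int(m["lo"]), int(m["hi"]) + 1),
                "source": ipaddress.ip_network(m["cidr"], strict=False),
            })
    return rules

def audit(rules, max_hosts=1):
    """Flag TCP rules exposing an admin port to more than max_hosts addresses."""
    findings = []
    for rule in rules:
        if rule["proto"] != "tcp" or rule["source"].num_addresses <= max_hosts:
            continue
        for port, name in ADMIN_PORTS.items():
            if port in rule["ports"]:  # also catches wide port ranges
                findings.append((rule["group"], name, port, str(rule["source"])))
    return findings

# Constructed sample output; 203.0.113.10 is a documentation-only address.
SAMPLE = """\
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 203.0.113.10/32
PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 0 1024 FROM CIDR 10.0.0.0/8
"""

if __name__ == "__main__":
    for group, name, port, source in audit(parse_permissions(SAMPLE)):
        print(f"{group}: {name} (tcp/{port}) reachable from {source}")
```

The HTTP rule open to 0.0.0.0/0 is not reported, since the page intends port 80 to be reachable from the Internet.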