Monday, August 1, 2011

AWS EC2 Security Group (Firewall) Design and Creation

By Semir H.

This quick tutorial will show you how to open up some common ports on the AWS EC2 firewalls, otherwise known as Security Groups. Please note that you should think about the Security Group design before you create Amazon Web Services (AWS) EC2 Instances. Once an Instance has been created and associated with a Security Group, there is no easy way (but there is a way) to associate it with a different Security Group. I’ll show you how you can do it in another tutorial.

Let’s say we want to open TCP port 22 for SSH access to a Linux machine, ports 80 (HTTP) and 443 (HTTPS) for web access and port 10000 for Webmin. We want the HTTP/S ports to be open to anyone on the Internet but we want to restrict access over SSH and Webmin ports to a certain IP. The IP we will restrict it to will be 1.2.3.4 (obviously made up).



Procedure:

Log into your Amazon Web Service (AWS) Management Console.

Navigate to Security Groups in the NETWORKING & SECURITY section.

Click on the “Create Security Group” button.

Give it a Name and a Description. Leave the VPC option as “No VPC”. Click on “Yes, Create”. Example:


Select the newly created Security Group and click on the Inbound tab at the bottom of the page to create new rules.

HTTP(S) and SSH can be pre-selected from the “Create a new rule” drop-down box. The Webmin port has to be added with the custom option.

Finally, click on “Apply Rule Changes”.


To allow a single IP as the Source you need to enter it with a /32 netmask.
So our made-up 1.2.3.4 address will be entered as 1.2.3.4/32.

As you add the rules they will appear to the right of the rule creation area. You will see a message saying “Your changes have not been applied yet” until you apply them. To apply them just hit the “Apply Rule Changes” button.

Here’s what our finished example looks like:
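The same rule set expressed in code, as an added example that is not part of the original tutorial: it builds the four rules in the IpPermissions shape the EC2 API uses (the list boto3's authorize_security_group_ingress takes as IpPermissions=), and audits a rule list so that an SSH or Webmin rule widened beyond a single /32 host is flagged before it is applied. The admin address 1.2.3.4 and the port numbers are the tutorial's; the function names are my own.

```python
import ipaddress

# Ports from the tutorial: web ports open to everyone, admin ports to one host.
WEB_PORTS = (80, 443)
ADMIN_PORTS = (22, 10000)      # SSH and Webmin
ANYWHERE = "0.0.0.0/0"


def host_cidr(ip: str) -> str:
    """Turn a single IPv4 address into the /32 CIDR the Source field expects."""
    return f"{ipaddress.IPv4Address(ip)}/32"


def build_ingress_rules(admin_ip: str) -> list:
    """Return the tutorial's rules in the EC2 API IpPermissions shape.

    Web ports are opened to the whole Internet; SSH and Webmin only to admin_ip.
    """
    rules = []
    for port in WEB_PORTS:
        rules.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                      "IpRanges": [{"CidrIp": ANYWHERE}]})
    for port in ADMIN_PORTS:
        rules.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                      "IpRanges": [{"CidrIp": host_cidr(admin_ip)}]})
    return rules


def audit_rules(rules: list) -> list:
    """Return a finding for every admin port reachable from more than one host.

    A port range (FromPort..ToPort) that merely covers an admin port counts too,
    so an "all TCP from 0.0.0.0/0" rule is caught as well.
    """
    findings = []
    for rule in rules:
        lo, hi = rule["FromPort"], rule["ToPort"]
        for entry in rule["IpRanges"]:
            net = ipaddress.IPv4Network(entry["CidrIp"], strict=False)
            for port in ADMIN_PORTS:
                if lo <= port <= hi and net.prefixlen < 32:
                    findings.append(f"port {port} open to {net} (expected a /32)")
    return findings


if __name__ == "__main__":
    for rule in build_ingress_rules("1.2.3.4"):
        print(rule)
    # Constructed bad rule: SSH open to the world, as a console typo would produce.
    print(audit_rules([{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]))
```

Passing the list returned by build_ingress_rules to boto3's authorize_security_group_ingress (with the GroupId) applies the same rules the console steps above create.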
