  • By default, only port 22 (the SSH service port) is open to accept inbound traffic on AWS EC2 instances.
  • However, all ports (1 to 65535) are open for outbound traffic leaving the server.
  • By default, the firewall settings of EC2 servers are managed by the AWS firewall (security groups), not by host tools like firewalld or ufw.
  • If you need to open ports other than the default SSH port 22 to listen for incoming traffic, you do it in the EC2 management console.

Steps

  1. Navigate to the EC2 management console > in the left side-bar, open the NETWORK & SECURITY menu > select Security Groups.
  2. Select your EC2 instance > Actions drop-down menu > select Edit inbound rules.
  3. In the inbound rules window, you can add, modify or delete the inbound rules of your EC2 instance. If the service uses a predefined protocol type (such as SSH or HTTP), choose it. If the port belongs to a custom service, you can specify the port yourself.
// open port 80 for all incoming traffic from any IP (0.0.0.0/0)
Type: HTTP
Protocol: TCP
Port Range: 80
Source: Custom (0.0.0.0/0)

// open port 22 for all incoming traffic from any IP (0.0.0.0/0)
Type: SSH
Protocol: TCP
Port Range: 22
Source: Custom (0.0.0.0/0)

// enable ICMP traffic from anywhere - note that ICMP (i.e. Ping) traffic doesn't use port numbers, so there is no port for ping
Type: Custom ICMP rule - IPv4
Protocol: Echo Request
Port Range: N/A
Source: Anywhere (0.0.0.0/0, ::/0)
  • 0.0.0.0/0 - matches any IPv4 source address
  • ::/0 - matches any IPv6 source address
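The three console rules above expressed as boto3 IpPermissions structures, plus a small audit that flags rules exposing sensitive ports (22, 3389) to 0.0.0.0/0 or ::/0. This is an added example, not code from the original post or from AWS; the security group description (group id, name) is constructed, the ICMP rule is IPv4-only (an IPv6 ping rule needs a separate icmpv6 protocol rule), and the `apply_rules` helper assumes boto3 and AWS credentials are available where it is called.

```python
"""Build EC2 security-group inbound rules and audit them for world-open sensitive ports.

Added example: the rule dictionaries follow the IpPermissions shape that boto3's
ec2.authorize_security_group_ingress accepts; the sample group below is constructed.
"""

# Sources that mean "anywhere" in a security-group rule.
WORLD_SOURCES = {"0.0.0.0/0", "::/0"}


def http_from_anywhere():
    """Rule: TCP port 80 from any IPv4 address (Type HTTP, Source 0.0.0.0/0)."""
    return {
        "IpProtocol": "tcp",
        "FromPort": 80,
        "ToPort": 80,
        "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "HTTP from anywhere"}],
    }


def ssh_from(cidr):
    """Rule: TCP port 22 from the given CIDR (Type SSH). Restrict this to an admin range."""
    return {
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        "IpRanges": [{"CidrIp": cidr, "Description": "SSH"}],
    }


def icmp_echo_request_from_anywhere():
    """Rule: ICMP Echo Request from any IPv4 address (Custom ICMP rule - IPv4).

    ICMP has no ports: for IpProtocol "icmp", FromPort carries the ICMP type
    (8 = Echo Request) and ToPort the ICMP code (-1 = any code).
    """
    return {
        "IpProtocol": "icmp",
        "FromPort": 8,
        "ToPort": -1,
        "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Ping (IPv4)"}],
    }


def _rule_covers_tcp_port(perm, port):
    """True if the permission admits TCP traffic to `port` ("-1" means all protocols/ports)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def world_open_ports(security_group, sensitive_ports=(22, 3389)):
    """Return [(port, [world sources])] for every sensitive port reachable from anywhere."""
    findings = []
    for perm in security_group["IpPermissions"]:
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_sources = sorted(set(sources) & WORLD_SOURCES)
        if not open_sources:
            continue
        for port in sensitive_ports:
            if _rule_covers_tcp_port(perm, port):
                findings.append((port, open_sources))
    return findings


def apply_rules(group_id, permissions, client=None):
    """Push the rules to AWS. Assumes boto3 is installed and credentials are configured."""
    if client is None:
        import boto3  # assumption: available in the caller's environment
        client = boto3.client("ec2")
    return client.authorize_security_group_ingress(GroupId=group_id, IpPermissions=permissions)


# Constructed sample: what describe_security_groups would return for a launch-wizard group
# that took all three console rules above with SSH left open to the world.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",  # constructed, not a real group id
    "GroupName": "launch-wizard-1",
    "IpPermissions": [http_from_anywhere(), ssh_from("0.0.0.0/0"), icmp_echo_request_from_anywhere()],
}

if __name__ == "__main__":
    for port, sources in world_open_ports(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupName']}: port {port} open to {', '.join(sources)}")
    # Hardened variant: SSH only from a labelled admin range (203.0.113.0/24 is documentation space).
    hardened = {"IpPermissions": [http_from_anywhere(), ssh_from("203.0.113.0/24")]}
    print("hardened findings:", world_open_ports(hardened))
```

Run the audit against the output of `describe_security_groups` before editing rules: port 80 open to the world is expected for a web server, but the audit reports port 22 from 0.0.0.0/0 so the SSH source can be narrowed to an admin range.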

✅ Tested OS's : RHEL 7+, CentOS 7+, Ubuntu 18.04+, Debian 8+
✅ Tested Gear : Cloud (AWS EC2)

👉 Any questions? Please comment below.
