Before you can log in to an instance, you must authorize access.
This section describes how to add rules that allow HTTP access on port 80, SSH access on port 22, and Remote Desktop (RDP) access on port 3389. This enables the instance to be reached on port 80 from the Internet and enables you to administer the instance over SSH or RDP.
To authorize access to your instance
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Click Security Groups in the Navigation pane.
The console displays a list of security groups that belong to the account.
Select the default security group.
Its rules appear on the Inbound tab in the lower pane.
To add the HTTP rule:
Select HTTP from the Create a new rule menu.
Click Add Rule.
The rule is added to the list of rules on the right. However, the rule isn't applied to the group until you click Apply Rule Changes (which you'll do after you've added all the rules). Notice that the rules are highlighted in blue, and there's an asterisk on the Inbound tab. These signs indicate that you haven't yet applied the rule changes.
To add the SSH rule:
Select SSH from the Create a new rule menu.
In the Source field, enter your public IP address (e.g., 192.0.2.1/32).
Click Add Rule.
The rule is added to the list of rules.
To add the RDP rule:
Select RDP from the Create a new rule menu.
In the Source field, enter your public IP address (e.g., 192.0.2.1/32).
Click Add Rule.
The rule is added to the list of rules.
Click Apply Rule Changes.
The new rules now apply to the default security group. Notice that the rules are no longer highlighted in blue, and the asterisk no longer appears on the Inbound tab.
To authorize access to your instance
Enter the ec2-authorize commands.
PROMPT>ec2-authorize default -p 22 -s your-local-system's-public-ip-address/32
PERMISSION default ALLOWS tcp 22 22 FROM CIDR your-local-system's-public-ip-address/32
PROMPT>ec2-authorize default -p 3389 -s your-local-system's-public-ip-address/32
PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR your-local-system's-public-ip-address/32
PROMPT>ec2-authorize default -p 80
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
Because we didn't specify otherwise, your instance was launched in your
default group. The first command authorizes network
access from your local system to instances in your default group on the
standard SSH port (22). The second command authorizes RDP access (port 3389)
from your local system to instances in the default security group.
Similarly, the third command opens up the standard HTTP port (80).
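A check for the rule set these commands produce, as an added example that is not part of the original AWS documentation: it parses PERMISSION lines in the shape shown on this page and reports any rule that exposes SSH or RDP to more than a single address. The function names, the `max_admin_hosts` threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Shape of the PERMISSION lines printed by ec2-authorize on this page.
PERMISSION_RE = re.compile(
    r"^PERMISSION\s+(?P<group>\S+)\s+ALLOWS\s+(?P<proto>\S+)\s+"
    r"(?P<from_port>\d+)\s+(?P<to_port>\d+)\s+FROM\s+CIDR\s+(?P<cidr>\S+)$"
)
# Administrative ports named on this page: SSH and RDP.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def parse_permission(line):
    """Return a rule dict for a PERMISSION line, or None for any other line."""
    m = PERMISSION_RE.match(line.strip())
    if not m:
        return None
    ports = range(int(m["from_port"]), int(m["to_port"]) + 1)
    return {"group": m["group"], "ports": ports,
            "network": ipaddress.ip_network(m["cidr"], strict=False)}


def audit(lines, max_admin_hosts=1):
    """Flag rules exposing an admin port to more than max_admin_hosts addresses."""
    findings = []
    for line in lines:
        rule = parse_permission(line)
        if rule is None:
            continue
        for port, name in ADMIN_PORTS.items():
            if port in rule["ports"] and rule["network"].num_addresses > max_admin_hosts:
                findings.append((rule["group"], name, port, str(rule["network"])))
    return findings


# Constructed sample output (hypothetical); 192.0.2.1 is the example address used above.
SAMPLE = """\
PROMPT>ec2-authorize default -p 22 -s 192.0.2.1/32
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 192.0.2.1/32
PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 20 25 FROM CIDR 198.51.100.0/24
""".splitlines()

if __name__ == "__main__":
    for group, name, port, cidr in audit(SAMPLE):
        print(f"{group}: {name} (port {port}) reachable from {cidr}")
```

The port 80 rule open to 0.0.0.0/0 is not reported, matching the page's intent that only HTTP is reachable from the Internet; the port range 20-25 is reported because it includes port 22.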
To authorize access to your instance
Construct the following Query requests. The first two requests give your local system the ability to use SSH (port 22) or Remote Desktop (port 3389) to connect to any instance in the "default" security group. The third request allows all port 80 traffic into all instances in the "default" security group.
https://ec2.amazonaws.com/
?Action=AuthorizeSecurityGroupIngress
&GroupName=default
&IpPermissions.1.IpProtocol=tcp
&IpPermissions.1.FromPort=22
&IpPermissions.1.ToPort=22
&IpPermissions.1.IpRanges.1.CidrIp=your-local-system's-public-ip-address/32
&AUTHPARAMS

https://ec2.amazonaws.com/
?Action=AuthorizeSecurityGroupIngress
&GroupName=default
&IpPermissions.1.IpProtocol=tcp
&IpPermissions.1.FromPort=3389
&IpPermissions.1.ToPort=3389
&IpPermissions.1.IpRanges.1.CidrIp=your-local-system's-public-ip-address/32
&AUTHPARAMS

https://ec2.amazonaws.com/
?Action=AuthorizeSecurityGroupIngress
&GroupName=default
&IpPermissions.1.IpProtocol=tcp
&IpPermissions.1.FromPort=80
&IpPermissions.1.ToPort=80
&IpPermissions.1.IpRanges.1.CidrIp=0.0.0.0/0
&AUTHPARAMS
Following is an example response.
<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2011-12-15/">
  <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
  <return>true</return>
</AuthorizeSecurityGroupIngressResponse>