Using and Managing AWS – Configure the Security Group
Configure the Security Group
The next step is to plan out your security group. Remember that the security group is your instance’s firewall. You open (or close) ports, as needed, for the applications that will be running.
The first port to open is 22. Port 22 is used by SSH and is your primary means of connecting to the instance.
If you will be running a database, you will need to open the appropriate port. For example, Oracle uses a default port of 1521. It is a best practice not to use the default, so you may want to open 15120 or something similar. The same applies to any other database using TCP connections.
If you are going to be running web applications, you will need to open ports 80 and, if running SSL, 443. I usually open alternative web ports such as 8000 and 8080 to allow me development and administrative access.
The ports that you open are determined by the applications that you will be running. You can open up all of the ports if you want to, but that is inherently insecure. As a best practice, open only those ports that are required.
You cannot change the security group in a running instance, but you can open and close ports while the instance is running. You can start with just port 22 and modify as needed.
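As an added example (not from the original article), the Python below turns the port plan from this section into the `IpPermissions` structure that EC2's `AuthorizeSecurityGroupIngress` call accepts, pairing each port with a source range, and flags any rule that is open to every address on a port not meant to be public. The CIDR values, `PLAN`, `PUBLIC_OK` and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed source ranges (assumptions; substitute your own).
ADMIN_CIDR = "203.0.113.10/32"  # documentation address standing in for your workstation
APP_CIDR = "10.0.1.0/24"        # assumed private subnet of the application tier
ANYWHERE = "0.0.0.0/0"

# The ports named in the text, each paired with who needs to reach it.
PLAN = [
    (22, ADMIN_CIDR, "SSH"),
    (15120, APP_CIDR, "Oracle listener, non-default port"),
    (80, ANYWHERE, "HTTP"),
    (443, ANYWHERE, "HTTPS"),
    (8000, ADMIN_CIDR, "development web port"),
    (8080, ADMIN_CIDR, "administrative web port"),
]
PUBLIC_OK = {80, 443}  # the only ports meant to face the whole internet


def build_ip_permissions(plan):
    """Build the IpPermissions list that AuthorizeSecurityGroupIngress accepts."""
    perms = []
    for port, cidr, desc in plan:
        ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
        perms.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                      "IpRanges": [{"CidrIp": cidr, "Description": desc}]})
    return perms


def world_open(perms, public_ok=PUBLIC_OK):
    """Return (from, to) IPv4 port ranges open to any address beyond public_ok."""
    findings = []
    for p in perms:
        lo, hi = p.get("FromPort", 0), p.get("ToPort", 65535)
        if p["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
            lo, hi = 0, 65535
        for r in p.get("IpRanges", []):
            wide = ipaddress.ip_network(r["CidrIp"]).prefixlen == 0
            if wide and any(n not in public_ok for n in range(lo, hi + 1)):
                findings.append((lo, hi))
    return findings


def apply(group_id, perms):
    """Push the rules to an existing group; needs boto3 and AWS credentials."""
    import boto3
    boto3.client("ec2").authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=perms)
```

Run `world_open(build_ip_permissions(PLAN))` before calling `apply`; an empty list means nothing other than the web ports is reachable from every address.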