AWS · How-To · Beginner · 3 min read

How to Open a Port in AWS Security Group

To open a port in an AWS security group, use the aws ec2 authorize-security-group-ingress command with the security group ID, protocol, port number, and source IP range. This command adds a rule that allows inbound traffic on the specified port.

Syntax

The command to open a port in an AWS security group uses the AWS CLI and looks like this:

bash
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port <port-number> --cidr <ip-range>

  • aws ec2 authorize-security-group-ingress: The command to add an inbound rule.
  • --group-id: The ID of the security group to update.
  • --protocol: The network protocol (e.g., tcp, udp, icmp).
  • --port: The port number to open.
  • --cidr: The IP range allowed to access the port, in CIDR notation.

Example

This example opens TCP port 8080 to any IPv4 address (0.0.0.0/0) in the security group with ID sg-0123456789abcdef0, so inbound connections on port 8080 are accepted from anywhere.

bash
aws ec2 authorize-security-group-ingress --group-id sg-0123456789abcdef0 --protocol tcp --port 8080 --cidr 0.0.0.0/0
Output
An ingress rule has been added to security group sg-0123456789abcdef0 allowing TCP traffic on port 8080 from 0.0.0.0/0.

Common Pitfalls

  • Using the wrong --group-id will update the wrong security group or cause an error.
  • Specifying the wrong --protocol or --port adds a rule that does not match the intended traffic, so that traffic stays blocked.
  • Setting --cidr too wide (like 0.0.0.0/0) can expose your service to the internet; restrict it to trusted IPs when possible.
  • If the AWS CLI is not configured with credentials that carry the ec2:AuthorizeSecurityGroupIngress permission, the command fails with an authorization error.
bash
Wrong:
aws ec2 authorize-security-group-ingress --group-id sg-wrongid --protocol tcp --port 22 --cidr 0.0.0.0/0

Right:
aws ec2 authorize-security-group-ingress --group-id sg-correctid --protocol tcp --port 22 --cidr 203.0.113.0/24

Quick Reference

Remember these tips when opening ports in AWS security groups:

  • Always specify the correct security group ID.
  • Use the right protocol: tcp, udp, or icmp.
  • Open only necessary ports to minimize security risks.
  • Limit --cidr to trusted IP ranges whenever possible.
  • Verify changes with aws ec2 describe-security-groups.
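As an added example that is not part of the original page, the following shell script wraps the command with the checks the Common Pitfalls list describes (valid group ID, valid port and CIDR, no accidental 0.0.0.0/0) and finishes with the describe-security-groups verification step from the Quick Reference. It assumes AWS CLI v2 is installed and configured; the group ID and CIDR values are placeholders.

```bash
#!/bin/sh
# Added example, not code from the original page. Wraps
# authorize-security-group-ingress with the checks the pitfalls list
# describes, then confirms the rule via describe-security-groups.
# Assumes AWS CLI v2 configured with ec2:AuthorizeSecurityGroupIngress
# and ec2:DescribeSecurityGroups; IDs/CIDRs below are placeholders.

# Security group IDs are "sg-" followed by 8 or 17 hex characters.
valid_sg_id() {
  printf '%s\n' "$1" | grep -Eq '^sg-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Loose IPv4 CIDR check: dotted quad plus a /0-/32 prefix.
valid_cidr() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# The "anywhere" sources the pitfalls list warns about.
world_open() { [ "$1" = "0.0.0.0/0" ] || [ "$1" = "::/0" ]; }

# check_rule GROUP_ID PORT CIDR [yes]: returns 0 if the rule is safe to submit.
# The fourth argument "yes" is required to open a port to the whole internet.
check_rule() {
  valid_sg_id "$1" || { echo "bad security group id: $1" >&2; return 1; }
  case "$2" in *[!0-9]*|'') echo "bad port: $2" >&2; return 1 ;; esac
  [ "$2" -ge 1 ] && [ "$2" -le 65535 ] ||
    { echo "port out of range: $2" >&2; return 1; }
  valid_cidr "$3" || { echo "bad CIDR: $3" >&2; return 1; }
  if world_open "$3" && [ "${4:-no}" != "yes" ]; then
    echo "refusing to open port $2 to $3 without an explicit 'yes'" >&2
    return 1
  fi
}

# open_port GROUP_ID PORT CIDR [yes]: validate, add the TCP rule, then verify.
open_port() {
  check_rule "$@" || return 1
  aws ec2 authorize-security-group-ingress --group-id "$1" \
    --protocol tcp --port "$2" --cidr "$3" >/dev/null || return 1
  # Verify: list the source CIDRs of ingress rules whose FromPort is $2.
  aws ec2 describe-security-groups --group-ids "$1" \
    --query "SecurityGroups[0].IpPermissions[?FromPort==\`$2\`].IpRanges[].CidrIp" \
    --output text | tr '\t' '\n' | grep -qxF -- "$3"
}

# Usage: sh open_port.sh sg-0123456789abcdef0 22 203.0.113.0/24
if [ $# -eq 3 ] || [ $# -eq 4 ]; then open_port "$@"; fi
```

The script exits non-zero if the rule is rejected, the AWS call fails, or the rule does not show up in the verification query, so it can be used in automation without silently leaving a group in the wrong state.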

Key Takeaways

  • Use the AWS CLI command authorize-security-group-ingress to open ports in a security group.
  • Always specify the correct security group ID, protocol, port, and IP range.
  • Limit access by using narrow CIDR blocks instead of 0.0.0.0/0 when possible.
  • Check your AWS CLI permissions before running the command.
  • Verify your security group rules after changes to ensure they are correct.