If you are hosting a public asset, such as a website on an EC2 instance, you should only allow users to connect to it through HTTP (port 80) or HTTPS (port 443). For HTTP traffic, add an inbound rule on port 80 from the source address 0.0.0.0/0. For HTTPS traffic, add an inbound rule on port 443 from the source address 0.0.0.0/0. These inbound rules allow traffic from IPv4 addresses.
We recommend you restrict unwanted traffic from internet facing EC2 instances by opening only web browsing ports. In addition, consider using AWS Elastic Load Balancers (ELB) as an alternative to open port access. AWS ELB is an important building block enabling the distribution of load to your backend instances in a round-robin fashion.
Do not allow global access to well-known ports of an EC2 instance directly (except for 80 and 443).
Updated 10 months ago