To create an EC2 security group, see http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#WorkingWithSecurityGroups
- A security group belongs to a VPC. Pick the correct VPC; don’t just accept the default.
- Whenever possible, use the named protocol rather than a “Custom TCP Rule”.
- Protocol never needs to be set; the port range is only set for “Custom …” rules.
- In almost all cases, the “source” or “destination” is a security group in the same VPC. Type the name of the security group into the console and the console will auto-complete it with the correct identifier.
- When doing an experiment, leave the outbound rules as allow all to all. Harden the outbound rules after you have everything working.
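
Once the groups exist, the tips above can be checked mechanically. The following is an added example, not part of the original page: it audits data in the shape returned by `aws ec2 describe-security-groups` and reports groups in a default VPC, rules whose source or destination is a CIDR or a group outside the same VPC, and outbound rules still left at allow-all. The sample data and all IDs are constructed, and the caller is assumed to supply the set of default VPC IDs.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Every ID here is made up for illustration.
ANY = "0.0.0.0/0"
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "VpcId": "vpc-app",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": ANY}], "UserIdGroupPairs": []}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY}],
                              "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "VpcId": "vpc-app",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-scratch", "VpcId": "vpc-default",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-db"}]}],
     "IpPermissionsEgress": []},
]

DIRECTIONS = (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress"))

def audit(groups, default_vpc_ids):
    """Return sorted (group_id, finding) pairs worth a second look."""
    vpc_of = {g["GroupId"]: g["VpcId"] for g in groups}
    findings = []
    for g in groups:
        gid, vpc = g["GroupId"], g["VpcId"]
        if vpc in default_vpc_ids:
            findings.append((gid, "group lives in the default VPC"))
        for direction, key in DIRECTIONS:
            for rule in g.get(key, []):
                for rng in rule.get("IpRanges", []):
                    cidr = rng["CidrIp"]
                    if (direction, rule["IpProtocol"], cidr) == ("outbound", "-1", ANY):
                        findings.append((gid, "outbound is still allow-all"))
                    else:
                        findings.append((gid, f"{direction} rule uses CIDR {cidr}, not a security group"))
                for pair in rule.get("UserIdGroupPairs", []):
                    # Unknown or cross-VPC references both fail this comparison.
                    if vpc_of.get(pair["GroupId"]) != vpc:
                        findings.append((gid, f"{direction} rule references {pair['GroupId']} outside {vpc}"))
    return sorted(findings)

if __name__ == "__main__":
    for gid, finding in audit(SAMPLE_GROUPS, {"vpc-default"}):
        print(f"{gid}: {finding}")
```

Findings are prompts for review rather than errors: a public HTTPS listener legitimately uses a CIDR source, which is why the page says "almost all cases".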