An AWS EC2 security group is a set of network firewall rules that AWS applies to each EC2 instance it is attached to.

To create an EC2 security group see


  1. A security group belongs to a VPC; pick the correct VPC, don’t just accept the default.
  2. Whenever possible, use the named protocol rather than a “Custom TCP Rule”.
  3. The protocol never needs to be set explicitly; the port range is only set for “Custom …” rules.
  4. In almost all cases, the “source” or “destination” is a security group in the same VPC. Type the name of the security group into the console and the console will auto-complete it with the correct identifier.
  5. When doing an experiment, leave the outbound rules as allow all to all. Tighten the outbound rules after you have everything working.
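The same five rules can be checked mechanically once a security group is expressed in the `IpPermissions` shape that boto3's `authorize_security_group_ingress` / `authorize_security_group_egress` calls take (and that `describe_security_groups` returns). The block below is an added example, not code from the original page: it builds rules from the console's named protocols, builds the default allow-all egress rule, and audits a constructed group for the weak settings the list warns about. The VPC and security-group ids are placeholders, and the `NAMED_PROTOCOLS` table covers only a handful of the console's entries. Nothing here talks to AWS; the dicts are the request payloads you would hand to boto3.

```python
"""Build EC2 security-group rules in boto3's IpPermission shape and audit
them against the checklist above.  Added example; runs entirely offline."""

# A few of the named protocols the console offers, mapped to the
# protocol/port triple the API actually stores.  "Custom TCP" is the only
# case where the caller must supply a port range.
NAMED_PROTOCOLS = {
    "SSH": ("tcp", 22, 22),
    "HTTP": ("tcp", 80, 80),
    "HTTPS": ("tcp", 443, 443),
    "MYSQL/Aurora": ("tcp", 3306, 3306),
    "RDP": ("tcp", 3389, 3389),
}


def ingress_rule(named_protocol, source, custom_ports=None):
    """Return one IpPermission entry.  `source` is either a security-group id
    (the usual intra-VPC case, stored under UserIdGroupPairs) or a CIDR
    (stored under IpRanges).  custom_ports=(lo, hi) is only consulted for
    the "Custom TCP" pseudo-protocol."""
    if named_protocol == "Custom TCP":
        if not custom_ports:
            raise ValueError("Custom TCP rule requires a port range")
        proto, lo, hi = "tcp", custom_ports[0], custom_ports[1]
    else:
        proto, lo, hi = NAMED_PROTOCOLS[named_protocol]
    rule = {"IpProtocol": proto, "FromPort": lo, "ToPort": hi}
    if source.startswith("sg-"):
        rule["UserIdGroupPairs"] = [{"GroupId": source}]
    else:
        rule["IpRanges"] = [{"CidrIp": source}]
    return rule


def allow_all_egress():
    """The console's default outbound rule: every protocol ("-1"), every
    port, everywhere.  Fine while experimenting; tighten before production."""
    return {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}


def audit(group, vpc_sg_ids):
    """Return a list of findings.  `group` has VpcId, IpPermissions and
    IpPermissionsEgress (the describe_security_groups layout); `vpc_sg_ids`
    is the set of security-group ids that live in the same VPC."""
    findings = []
    for rule in group["IpPermissions"]:
        if rule.get("IpProtocol") == "-1":
            findings.append("ingress: all protocols allowed")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if lo is not None and hi - lo > 0:
            findings.append(f"ingress: wide port range {lo}-{hi}")
        for r in rule.get("IpRanges", []):
            if r["CidrIp"] == "0.0.0.0/0":
                findings.append(f"ingress: port {lo} open to the internet")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in vpc_sg_ids:
                findings.append(
                    f"ingress: source {pair['GroupId']} is not in VPC {group['VpcId']}")
    for rule in group["IpPermissionsEgress"]:
        if rule.get("IpProtocol") == "-1" and any(
                r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            findings.append("egress: allow-all outbound still present")
    return findings


# Constructed sample: placeholder ids, not real AWS resources.
EXAMPLE_VPC_SG_IDS = {"sg-0aaa0000example", "sg-0bbb0000example"}
EXAMPLE_GROUP = {
    "GroupId": "sg-0aaa0000example",
    "VpcId": "vpc-0123example",
    "IpPermissions": [
        ingress_rule("HTTPS", "sg-0bbb0000example"),                       # clean
        ingress_rule("Custom TCP", "sg-0ccc0000example", (8000, 8100)),    # wide range, foreign VPC
        ingress_rule("HTTP", "0.0.0.0/0"),                                 # open to the internet
    ],
    "IpPermissionsEgress": [allow_all_egress()],
}

if __name__ == "__main__":
    for finding in audit(EXAMPLE_GROUP, EXAMPLE_VPC_SG_IDS):
        print(finding)
```

Running the block prints four findings for the constructed group: the wide custom port range, the source group that is not in the VPC, port 80 open to the internet, and the allow-all egress left over from the experiment phase. The clean HTTPS-from-security-group rule produces nothing, which is the shape rule 4 of the list recommends.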