Understanding EC2 Security Groups

Question

I'm reading instructions (on installing R on an EC2 instance) that ask me to do the following:

When you get to the ‘Security Groups’ tab, create a security group that has the following ports open: 22 (SSH), 80 (HTTP), 443 (HTTPS), 3389 (RDP, optional), and 8787 (RStudio Server).

I don't fully understand what this means. Especially when it comes to opening port 8787 for the RStudio Server.

Here's the tab to add an inbound rule for a Security Group:

So, if I want to "open port 8787 for RStudio," what do I do? Is that a TCP rule?

If I want open that port to "everyone," what do I specify as the source?

Answer 1

It's a custom TCP rule. The port range is just the single number (8787 here).

The source is all the IP addresses you want to allow to use it. The first four numbers are dotted quads, a way of specifying a 32 bit address as four 8 bit decimal numbers. 192.168.1.0 is an example. The number after the slash is the number of bits that the source address must match.

So 192.168.1.0/24 means any address that matches the first 24 bits would be allowed: 192.168.1.0 through 192.168.1.255. 0.0.0.0/0 means any address that matches the first 0 bits would be allowed. That is, any address at all.

I don't know how secure the RStudio protocol is, but I'd advise against allowing all addresses on the Internet to connect to it. Find your own IP address (you can just Google "what's my ip" to find out). Say it's 123.123.123.123. Then you could specify the source to be 123.123.123.123/32, meaning that address, and only that address, would be allowed.

If you connect from different places in the future, you can change the rule to match whatever address you are at each time you need to connect.

Answer 2

Yes its a TCP rule. If you want to open the port to everyone, you would use 0.0.0.0/0.

Opening to everyone is not always a good idea, depends what you are trying to do.