Chetan Agrawal

Reputation: 11

AWS Security group - Do I need to open outbound port for accessing internet or using yum

As I read about AWS security groups, we must open outbound ports to initiate traffic from within an instance. What if I have to access a website or download some packages (using yum) over HTTP? Do I need to open any specific ports for this? As I understand it, for HTTP/HTTPS the client uses random ports to make a socket connection, so in that case should I open all ports?

Upvotes: 1

Views: 767

Answers (1)

Matt Houser

Reputation: 36073

In order to make connections from your EC2 instance to the internet, you must open outbound ports in your security group.

The port number you need to open is the destination port, not the source port(s).

Some examples:

  • to allow HTTP connections from your EC2 instance to the internet, you need to create a rule for 0.0.0.0/0 on port 80.
  • to allow HTTPS connections from your EC2 instance to the internet, you need to create a rule for 0.0.0.0/0 on port 443.

If the web servers you're connecting to are listening on different ports (aside from 80 or 443), then you need to change or add more rules accordingly.

Upvotes: 3
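The destination-port matching described in the answer above, as an added example that is not part of the original answer: a small offline model of how egress rules are evaluated. The rules use the `IpPermissions` shape of the EC2 API; the function names and the sample connections are constructed for illustration.

```python
import ipaddress

# Constructed egress rules in the IpPermissions shape the EC2 API uses,
# matching the two rules from the answer (HTTP and HTTPS to anywhere).
EGRESS_RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def egress_allowed(rules, protocol, dst_ip, dst_port, src_port=None):
    """Return True if an outbound connection matches any egress rule.

    src_port is accepted only to show that it plays no part in the decision:
    the rule's FromPort/ToPort range is compared with the destination port.
    """
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule["IpProtocol"] not in (protocol, "-1"):  # "-1" means all protocols
            continue
        if rule["IpProtocol"] != "-1":
            if not rule["FromPort"] <= dst_port <= rule["ToPort"]:
                continue
        if any(dst in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", [])):
            return True
    return False  # security groups only contain allow rules; no match means blocked


def blocked_destinations(rules, connections):
    """List the (ip, port) destinations in `connections` that no rule allows."""
    return [(ip, port) for proto, ip, port, sport in connections
            if not egress_allowed(rules, proto, ip, port, sport)]


# Constructed sample traffic:
# (protocol, destination IP, destination port, ephemeral source port)
SAMPLE = [
    ("tcp", "203.0.113.10", 80, 49152),   # yum over HTTP
    ("tcp", "203.0.113.10", 443, 51234),  # HTTPS
    ("tcp", "198.51.100.7", 8080, 80),    # web server on a non-standard port
]

if __name__ == "__main__":
    for dest in blocked_destinations(EGRESS_RULES, SAMPLE):
        print("blocked:", dest)
```

The third connection is blocked even though its source port is 80, because only the destination port (8080) is compared with the rule's port range.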
