davidrl1000

Reputation: 361

AWS - Security Groups not opening ports

I created a Linux t3a.nano EC2 on AWS. I haven't done anything on the instance other than starting it and connecting to it through SSH.

I would like to open 2 ports, 80 and 3000. For that, I created a Security Group and added both ports to the inbound rules.


Based on the AWS documentation that is all you need to do in order to open the ports, but if I connect to the instance and list the open ports, none of the ports in my Security Group are listening, only 22, but that one is open by default.

I am running this command to list the ports: sudo netstat -antp | fgrep LISTEN


Other Steps I tried:

  1. Checked my ACL (I will attach a picture of the configuration below); I didn't change anything, it looks to be fine.
  2. Checked that the instance is using the correct security group.
  3. Stopped and started the instance.
  4. Created an Elastic IP and associated it with the instance to have a permanent public IP address.


Any suggestions about which steps I could be missing?

Upvotes: 1

Views: 3726

Answers (2)

davidrl1000

Reputation: 361

Update - Response

I got to this point thanks to the comments above!

I wanted to open port 3000 to host a web service, so I did all the steps in my original question; the step that I was missing was to run a server to do something on port 3000. After I ran node I was able to see the port open internally and was able to make requests to that port.

The Security Group remains the same, but now if I list the ports, this is what I get: sudo netstat -antp | fgrep LISTEN


Upvotes: 0

Marcin

Reputation: 238299

You are checking the ports from inside the instance. Security Groups (SGs) work outside of your instance.

You can imagine them as a bubble around your instance. Consequently, the instance is not aware of their existence. This can be visualized as in the image below, where the SG is a barrier outside of the instance. Only if the SG allows traffic in can your instance further limit it by using regular software-level firewalls.


To open/block ports on the instance itself you have to use a regular firewall such as ufw. By default all ports on the instance will be open, at least when using Amazon Linux 2 or Ubuntu.

Therefore, with your setup, inbound traffic for ports 22, 3000 and 80 will be allowed to the instance.

Upvotes: 4
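The distinction this answer draws (the Security Group allows a port, but nothing on the host is bound to it) can be checked from inside the instance. The following is an added example, not code from either answer or from AWS: it parses constructed `sudo netstat -antp | fgrep LISTEN` output to report which SG-allowed ports have no listener, and then shows what a client sees before and after a process binds a port (using an ephemeral localhost port so it runs offline; that port choice is an assumption for the demo).

```python
import socket

# Constructed sample of `sudo netstat -antp | fgrep LISTEN` as it looked in
# the question before the node server was started: only sshd is listening.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1234/sshd
"""


def listening_ports(netstat_output):
    """Return the set of local TCP ports in LISTEN state from `netstat -antp` output."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        local_addr = fields[3]                      # e.g. 0.0.0.0:22 or :::22
        ports.add(int(local_addr.rsplit(":", 1)[1]))
    return ports


def missing_listeners(netstat_output, sg_ports):
    """Ports the Security Group allows inbound but no process on the host has bound."""
    return sorted(set(sg_ports) - listening_ports(netstat_output))


def connect_with_and_without_listener():
    """What a client sees: refused while nothing listens, accepted once a server binds."""
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))                    # let the kernel pick a free port
    port = probe.getsockname()[1]
    probe.close()                                   # now nothing is bound to it
    try:
        socket.create_connection(("127.0.0.1", port), timeout=1).close()
        before = "connected"
    except OSError:                                 # ConnectionRefusedError: no listener
        before = "refused"
    server = socket.socket()
    server.bind(("127.0.0.1", port))
    server.listen(1)                                # the equivalent of starting node
    try:
        socket.create_connection(("127.0.0.1", port), timeout=1).close()
        after = "connected"
    except OSError:
        after = "refused"
    finally:
        server.close()
    return before, after
```

An empty `missing_listeners` result combined with a still-failing external connection points at the SG, NACL or host firewall rather than at the application.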