Since 2006, Amazon Web Services (AWS) has offered IT infrastructure services to companies and businesses as web services, now globally known as cloud computing. AWS provides a highly scalable, reliable, and low-cost infrastructure platform in the cloud that powers thousands of businesses worldwide. It is the most adopted and comprehensive cloud platform, offering more than 200 fully featured global cloud-based services. Its products include compute, storage, databases, networking, developer tools, management tools, security, IoT, analytics, and enterprise applications, with pay-as-you-go pricing and on-demand services available in seconds. AWS lets businesses develop applications in the programming language of their choice using familiar tools. In this tutorial, we will learn the steps to open and close server ports for remote access in Amazon Web Services (AWS Cloud) via the AWS Console.
Open Server Ports for Remote Access
>> Note: Making an AWS application’s network ports public is a significant security risk. We strongly advise only allowing access to those ports from trusted networks. If users need to access applications from outside a trusted network for development purposes, do not allow access to those ports using a public IP address. Instead, use a reliable and secure channel such as an SSH tunnel or a VPN.
By default, Amazon Web Services (AWS) Cloud servers have some or all of their ports closed to secure them against external attacks. In some instances, ports need to be open for specific applications to operate properly; these ports are also left open by default.
If the user needs to access their servers remotely using a different port, they must first open the necessary port(s) using the AWS Console. If the server was first launched using Amazon Lightsail, users should open the ports through the Amazon Lightsail dashboard instead of AWS Console.
Using the AWS Console
To open ports other than the default ones in AWS Cloud using the Console, follow the steps below:
1. First, log in to the AWS Console as an admin user.
2. If needed, use the region selector in the top right corner to choose the region where the user wants to launch their instance.
3. Next, select the instance for which the user wants to open the ports in the dashboard.
4. Select the name of the security group used by the instance in the lower panel.
5. The resulting page will display all the details related to the selected security group.
6. Select the Inbound tab to display a list of all the ports allowing inbound traffic.
7. Then, click the Edit button.
8. In the resulting dialog window, choose the Add Rule button and add a new Custom TCP Rule using the following:
8.1) Port: Enter the port number or port range that the user needs to open in this field.
8.2) Source: Use the Anywhere option from the drop-down to allow access from anywhere, or use the Custom IP option and then specify an IP address range.
>> Note: We recommend that inbound connections should only be allowed from known and trusted IP ranges. By entering Anywhere, we are allowing access by anyone on the Internet. This is strongly discouraged and can result in unknown parties gaining access to the user’s data and application.
9. Finally, click the Save button to save the changes.
For an example, review the image shown below, which demonstrates opening port 21 (the FTP port) for access.
>> Note: The security rules come into effect shortly, even without a server restart.
Close Server Ports And Deny Remote Access
>> Note: If the server was launched using Amazon Lightsail, all the ports should be modified using the Amazon Lightsail dashboard instead of AWS Console.
Using the AWS Console
To close server ports and deny remote access on those ports in AWS Cloud using the AWS Console, follow the steps below:
1. First, log in to the AWS Console as an admin user.
2. If needed, use the region selector in the top right corner to choose the region where the user wants to launch their instance.
3. Next, select the instance for which the user wants to close the ports in the dashboard.
4. Select the name of the security group used by the instance in the lower panel.
5. The resulting page will display all the details related to the selected security group.
6. Select the Inbound tab to display a list of all the ports allowing inbound traffic.
7. Then, click the Edit button.
8. In the resulting dialog window, select the cross symbol next to the security rule for the port(s) that the user wishes to close. The system will delete the security rule, thereby denying inbound traffic to that port.
9. Finally, click the Save button to save the changes.
>> Note: The security rules come into effect shortly, even without a server restart.
Conclusion
This tutorial presents the steps to open and close server ports for remote access in Amazon Web Services (AWS Cloud) via the AWS Console. We hope this tutorial was helpful; do reach out to us if you have any queries or suggestions.