How can I allow or block specific IPs on my EC2 instance?

Last updated: 2020-10-07

I want to allow specific IP addresses access to my Amazon Elastic Compute Cloud (Amazon EC2) instance and block other IP addresses. How do I do this?

Short description

To allow or block specific IP addresses for your EC2 instances, use a network Access Control List (ACL) or security group rules in your VPC. Network ACLs and security group rules act as firewalls allowing or blocking IP addresses from accessing your resources. Network ACLs control inbound and outbound traffic at the subnet level. Security group rules act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

Keep in mind that network ACLs are stateless meaning that rules must explicitly allow return traffic. Security group rules automatically allow return traffic, regardless of any rules. 

Resolution

For information on how to create a network ACL, add rules, and associate one or more subnets, see Working with network ACLs

For information on how to modify the default security group, create a new group, add rules, and associate your security group to one or more instances in your subnet, see Working with security groups.


Did this article help?


Do you need billing or technical support?