I host a website on an EC2 instance. How do I allow my users to connect on HTTP (80) or HTTPS (443)?
Last updated: 2020-10-30
I host my website on an Amazon Elastic Compute Cloud (Amazon EC2) instance. I want users to connect to my website on HTTP (port 80) or HTTPS (port 443). How can I do that?
To allow traffic on ports 80 and 443, you must configure the associated security group and network access control list (network ACL).
Security group rules
For HTTP traffic, add an inbound rule on port 80 from the source address 0.0.0.0/0. For HTTPS traffic, add an inbound rule on port 443 from the source address 0.0.0.0/0. These inbound rules allow traffic from IPv4 addresses. To allow IPv6 traffic, add inbound rules on the same ports from the source address ::/0. For more information on creating or modifying security groups, see Working with security groups.
Security groups are stateful, so the return traffic from the instance to users is allowed automatically. You don't need to modify the security group's outbound rules.
The following example shows the security group rules for allowing both IPv4 and IPv6 traffic on ports 80 and 443:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 |
| HTTP (80) | TCP (6) | 80 | ::/0 |
| HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 |
| HTTPS (443) | TCP (6) | 443 | ::/0 |
The default network ACL allows all inbound and outbound traffic. If you use a custom network ACL with more restrictive rules, then you must explicitly allow traffic on ports 80 and 443. Network ACLs are stateless, so you must add both inbound and outbound rules to enable the connection to your website: the inbound rules admit requests to ports 80 and 443, and the outbound rules let the responses leave toward the clients' ephemeral ports (1024-65535 in the example). For more information on modifying network ACL rules, see Network ACLs.
Note: If your users connect over IPv6 and your Amazon Virtual Private Cloud (Amazon VPC) has an associated IPv6 CIDR block, your default network ACL automatically adds rules allowing all inbound and outbound IPv6 traffic.
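The difference between a stateful security group and a stateless network ACL can be checked mechanically. The following Python sketch is an added example, not AWS code: it evaluates network ACL entries the way the ACL does (lowest rule number first, first match wins) and requires both the inbound request and the outbound response to pass. Entry field names follow the EC2 DescribeNetworkAcls response; the `rule` helper, the client addresses (documentation ranges) and the ephemeral port 51000 are assumptions made for the sample.

```python
import ipaddress

def nacl_allows(entries, egress, peer_ip, port, protocol="6"):
    """Evaluate one direction of a network ACL: lowest rule number first,
    first match wins. peer_ip is the source (inbound) or destination (outbound)."""
    peer = ipaddress.ip_address(peer_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", protocol):
            continue
        net = ipaddress.ip_network(e.get("CidrBlock") or e.get("Ipv6CidrBlock"))
        if peer.version != net.version or peer not in net:
            continue
        pr = e.get("PortRange")  # absent on all-protocol ("-1") rules
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False  # the final "*" rule denies whatever nothing else matched

def web_request_succeeds(entries, client_ip, client_port, server_port):
    """Stateless check: the request must pass inbound to the server port AND
    the response must pass outbound to the client's ephemeral port."""
    return (nacl_allows(entries, False, client_ip, server_port)
            and nacl_allows(entries, True, client_ip, client_port))

def rule(num, egress, cidr, lo, hi, action="allow"):
    """Hypothetical helper that builds one TCP entry for the sample data."""
    key = "Ipv6CidrBlock" if ":" in cidr else "CidrBlock"
    return {"RuleNumber": num, "Egress": egress, "Protocol": "6",
            "RuleAction": action, key: cidr, "PortRange": {"From": lo, "To": hi}}

# Constructed sample: inbound rules 100-103 and outbound rule 100 as in the
# page's custom network ACL. No IPv6 outbound rule is included here.
INBOUND = [rule(100, False, "0.0.0.0/0", 80, 80), rule(101, False, "0.0.0.0/0", 443, 443),
           rule(102, False, "::/0", 80, 80), rule(103, False, "::/0", 443, 443)]
OUTBOUND = [rule(100, True, "0.0.0.0/0", 1024, 65535)]

if __name__ == "__main__":
    cases = [("inbound + outbound, IPv4 client", INBOUND + OUTBOUND, "203.0.113.10"),
             ("inbound only, IPv4 client", INBOUND, "203.0.113.10"),
             ("no IPv6 outbound rule, IPv6 client", INBOUND + OUTBOUND, "2001:db8::10")]
    for label, acl, client in cases:
        print(label, "->", web_request_succeeds(acl, client, 51000, 443))
```

The same functions can be pointed at the `Entries` list of a real network ACL to confirm that each address family has a matching outbound rule before users report timeouts.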
The following example shows a custom network ACL that allows traffic on ports 80 and 443:

Inbound rules

| Rule # | Type | Protocol | Port Range | Source | Allow/Deny |
|---|---|---|---|---|---|
| 100 | HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 | ALLOW |
| 101 | HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 | ALLOW |
| 102 | HTTP (80) | TCP (6) | 80 | ::/0 | ALLOW |
| 103 | HTTPS (443) | TCP (6) | 443 | ::/0 | ALLOW |

Outbound rules

| Rule # | Type | Protocol | Port Range | Destination | Allow/Deny |
|---|---|---|---|---|---|
| 100 | Custom TCP Rule | TCP (6) | 1024-65535 | 0.0.0.0/0 | ALLOW |
| 101 | Custom TCP Rule | TCP (6) | 1024-65535