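Friday, April 24, 2020

Adding an inbound rule to the Security group of an AWS EC2 instance

By default an AWS EC2 instance only has SSH (port 22) open. When adding a service, in addition to configuring the corresponding inbound rules in the firewall of the OS inside the instance, you must also add inbound rules to the instance's security group before the service can be reached from outside.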


This post is based on:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

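The text there differs somewhat from how the console (interface) works now, on 2020/04/24. The steps below follow the current interface, with the original text kept for reference:

1. EC2 console -> INSTANCES / Instances in the navigation pane -> select the instance to configure in the right pane: Security groups appears on the right side of the Description tab at the lower left, where you can view the current security group, inbound rules, outbound rules, and other information;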

In the navigation pane of the Amazon EC2 console, choose Instances. Select your instance and look at the Description tab; Security groups lists the security groups that are associated with the instance. Choose view inbound rules to display a list of the rules that are in effect for the instance.


2. Navigation pane -> NETWORK & SECURITY / Security Groups -> in the right pane, select the security group of the instance to configure: the Details pane for that security group appears in the right pane;

In the navigation pane, choose Security Groups. Select one of the security groups associated with your instance.


3. Details pane -> Inbound tab -> Edit inbound rules: this takes you to the Edit inbound rules page; click "Add rule" at the bottom of that page;

In the details pane, on the Inbound tab, choose Edit. In the dialog, choose Add Rule, and then choose SSH from the Type list.


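4. In the Type field, choose a well-known service type (for example, HTTP, which fills in the Port range automatically) or a custom service (you enter the Port range yourself). For Source, choose Anywhere or Custom (you select or enter the CIDR blocks yourself);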

In the Source field, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Alternatively, choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. For example, if your IPv4 address is 203.0.113.25, specify 203.0.113.25/32 to list this single IPv4 address in CIDR notation. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.

For information about finding your IP address, see Before you start.


5. Click "Save rules" at the lower right of the page to save the new inbound rule.

Choose Save.
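The rule from steps 4 and 5 can also be built as the `IpPermissions` entry that the EC2 API call `authorize_security_group_ingress` takes. This is an added example, not code from the original post or the AWS guide. The function names and the `PUBLIC_PORTS` policy (which ports may use the Anywhere source) are assumptions of the example, and the sample addresses are constructed.

```python
import ipaddress

# Ports where an "Anywhere" source is normally intended (public web service).
# This allow-list is an assumption of the example; adjust it to your policy.
PUBLIC_PORTS = {80, 443}


def build_inbound_rule(port, source, protocol="tcp", description=""):
    """Return one IpPermissions entry for authorize_security_group_ingress.

    `source` is what the console's Source field holds: one address or a CIDR block.
    """
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    # strict=True rejects blocks with host bits set, e.g. 203.0.113.25/24.
    # A bare address such as 203.0.113.25 becomes 203.0.113.25/32.
    net = ipaddress.ip_network(source, strict=True)
    # Prefix length 0 is the console's "Anywhere" (0.0.0.0/0 or ::/0).
    if net.prefixlen == 0 and port not in PUBLIC_PORTS:
        raise ValueError(f"port {port} must not be open to Anywhere ({net})")
    rule = {"IpProtocol": protocol, "FromPort": port, "ToPort": port}
    extra = {"Description": description} if description else {}
    if net.version == 4:
        rule["IpRanges"] = [{"CidrIp": str(net), **extra}]
    else:
        rule["Ipv6Ranges"] = [{"CidrIpv6": str(net), **extra}]
    return rule


def apply_rule(group_id, rule):
    """Send the rule to EC2. Needs boto3 and AWS credentials; not run below."""
    import boto3
    return boto3.client("ec2").authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=[rule])


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.0/24 is a documentation range.
    print(build_inbound_rule(80, "0.0.0.0/0", description="public HTTP"))
    print(build_inbound_rule(22, "203.0.113.25", description="admin SSH"))
    try:
        build_inbound_rule(22, "0.0.0.0/0")
    except ValueError as exc:
        print("rejected:", exc)
```
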
