By default, a security group prevents incoming network traffic from all sources. You can modify network rules and allow incoming traffic to security groups from specified sources using the euca-authorize command.
To authorize security group rules:
euca-authorize to authorize port 22 access to your default group. Enter the following command:
euca-authorize -P <protocol> -p <port_number> \ -s <CIDR_source_network> <group_name>
The following example allows all incoming SSH traffic on port 22 to access to the security group
mygroup . The CIDR source network,
0.0.0.0/0 , refers to any source.
euca-authorize -P tcp -p 22 -s 0.0.0.0/0 mygroup GROUP mygroup ↵ PERMISSION mygroup ALLOWS tcp 22 22 FROM CIDR
Instead of specifying a CIDR source, you can specify another security group. The following example allows access to the security group
mygroup from the
someothergroup security group using SSH on port 22.
euca-authorize --source-group someothergroup \ --source-group-user someotheruser -P tcp -p 22 mygroup