Virtual Box enable RDP over NAT - Brilliantly


Port / January 16, 2021

Amazon EC2 Security groups defaults 2010

When launching an Amazon EC2 instance you need to specify its security group. The security group acts as a firewall allowing you to choose which protocols and ports are open to computers over the internet. You can choose to use the default security group and then customize it, or you can create your own security group. Configuring a security group can be done with code or using the Amazon EC2 management console.

If you choose to use the default security group, it will initially be configured as shown below:

The protocols to configure are TCP, UDP and ICMP. (ICMP is used for ping.) There is also a port range for each protocol. (ICMP uses no port, which is why its range is -1 to -1.) Lastly, the source lets you open the protocols and ports either to a range of IP addresses or to members of some security group.

[Screenshot: Amazon EC2 Security groups Connection Method]

The default security group above may be a little confusing. It appears that everything is wide open. In fact everything is closed. The default group, by default, opens all ports and protocols only to instances that are themselves members of the default group (if that makes any sense). Anyway, no computer across the Internet can access your EC2 instance at that point.

Most likely, you’ll need to open some protocols and ports to the outside world. There are a number of common services preconfigured in the Connection Method dropdown as shown below.

[Screenshot: configuring an Amazon EC2 instance]

As an example, if you are configuring an EC2 instance to be a Web server, you’ll need to allow the HTTP and HTTPS protocols. When you select them from the list, the security group is altered as shown below.

The most important thing to note is the Source IP. When you specify “” that really means you’re allowing every IP address access to the specified protocol and port range. So in the example, TCP ports 80 and 443 are open to every computer on the Internet.

You might also want to allow services to manage the server, upload files and so on. For example, if I were configuring a Windows server I’d want to use Remote Desktop, which would require me to enable RDP on TCP port 3389. However, I’d only want my own IP address to have access to that protocol. It would be crazy to allow every computer in the world access to services like RDP, FTP, database services etc. See the screenshot below.
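A small audit check for exactly this mistake, added here as an example and not part of the original post: it walks a security group's inbound rules and flags management ports (RDP, SSH, FTP, database ports) that are open to every IP. The rule dictionaries follow the `IpPermissions` shape that boto3's `describe_security_groups()` returns, and the sample group is constructed inline so the check runs offline.

```python
# Added example (not from the original post): audit one EC2 security group
# and flag management ports that are open to every IP on the Internet.
# The dictionaries mimic the IpPermissions shape returned by boto3's
# describe_security_groups(); SAMPLE_GROUP below is constructed inline
# so the check runs offline.
MANAGEMENT_PORTS = {21: "FTP", 22: "SSH", 1433: "MSSQL", 3306: "MySQL", 3389: "RDP"}
WORLD = {"0.0.0.0/0", "::/0"}


def _open_to_world(perm):
    """True if any CIDR on the permission is the whole Internet (IPv4 or IPv6)."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)


def _covers_port(perm, port):
    """True if the permission's protocol and port range include `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                 # "all traffic": every protocol and port
        return True
    if proto not in ("tcp", "udp"):   # ICMP has no ports (range -1 to -1)
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def find_exposed_management_ports(group):
    """Return sorted (port, service) pairs reachable from 0.0.0.0/0 or ::/0."""
    found = set()
    for perm in group.get("IpPermissions", []):
        if _open_to_world(perm):
            found.update((p, n) for p, n in MANAGEMENT_PORTS.items() if _covers_port(perm, p))
    return sorted(found)


# Constructed sample: HTTP/HTTPS to everyone (fine for a web server), RDP to
# everyone (the mistake the post warns about), SSH limited to one /32 (fine).
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ],
}

if __name__ == "__main__":
    for port, name in find_exposed_management_ports(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {name} (tcp/{port}) is open to the whole Internet")
```

Against real data, feed each group from `describe_security_groups()["SecurityGroups"]` to `find_exposed_management_ports`; an "all traffic" rule (`IpProtocol` of `-1`) to the world is reported for every management port.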