I have an ubuntu server running on a EC2 AWS server. I am testing a hello world Nodejs app that I set to listen on port 9000. If I use the GUI in the AWS console to open incoming 9000 TCP port the app runs fine. But if I try and use the command line sequence shown below it wont allow connections.
sudo su
ufw allow 9000/tcp
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 8080/tcp
ufw allow 443/tcp
ufw enable
ufw status
I ran these before doing any security group things inside my AWS EC2 instance and no luck. I am doing a school project that we only have CLI access to an EC2 thru SSH so I wanted to try and open ports through the CLI if possible. Thanks in advance for any help
0
votes
you have to have 9000 allow from anywhere or your IP address in security groups in addition to ufw allow.
- Prashant Ghimire
1 Answers
1
votes
If by the GUI in the AWS console you mean security groups then you should know that it does not configure ufw. Instead security groups modify firewall rules in AWS networking equipment (either the router or switch or firewall appliance assigned to your network). In some cases you will need to configure both ufw and AWS security groups to allow access especially when you use distros with a restrictive default firewall (Debian and by extension Ubuntu does not enable the firewall by default).
If you want to configure security groups from the command line or in a script you will need to use aws cli. With the aws cli installed you can do:
aws ec2 authorize-security-group-ingress --group-id $group_id --protocol tcp --port 9000 --cidr 0.0.0.0/0
Note that the aws cli does the same thing as going to your browser and configure the security group in the console but via an API. As such it does not matter where you install the aws cli. You don't need to install it on the EC2 instance. You can install it on your personal Windows or Linux or Mac machine.
There is even an app that you can install on Android and iOS to configure the security group if you are interested.
