When you're managing EC2 instances across your infrastructure, it's easy to get caught up in launching, tagging, and tweaking, but security should always be on your mind. A single open port or misconfigured rule can be all it takes for trouble to find you.
The good news is that you don’t need to be a security expert to take a few quick steps that make your EC2 environment safer. Today, I’ll show you three simple AWS CLI commands you can run to help lock things down fast.
Index
- List All Open Security Group Ports
- Restrict SSH Access to a Specific IP
- Enable Detailed Monitoring for EC2 Instances
- Business Use Case
- Summary
1. List All Open Security Group Ports
Command:
aws ec2 describe-security-groups \
--query "SecurityGroups[*].{Name:GroupName,ID:GroupId,Inbound:IpPermissions}" \
--output table
Note: the --output options for this command are text, table or yaml. For scripting or automation, you can use json or text.
Running this command prints one table per security group, which helps you spot overly open rules (like 0.0.0.0/0 on port 22).
Why this matters: You can quickly review inbound rules across all groups without opening the AWS Management Console.
2. Restrict SSH Access to a Specific IP
Change the SSH (port 22) rule to allow access only from your IP, not the whole world.
When you run the two commands, you change the allowed source from "any IP address" to "your IP address". That means incoming SSH traffic is accepted from your IP address only, not from all outside traffic.
Command:
aws ec2 revoke-security-group-ingress \
--group-id sg-0123456789abcdef0 \
--protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress \
--group-id sg-0123456789abcdef0 \
--protocol tcp --port 22 --cidr YOUR.IP.ADDRESS.0/32
Note:
- 0.0.0.0/0 means allow access from anywhere on the internet. This tells AWS that any IP address in the world can reach this port on this server.
- It's okay to use 0.0.0.0/0 for public-facing services like web servers (port 80/443) or APIs meant to be public.
Why this matters: This locks down SSH so that only your IP address can reach the instance.
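To tie steps 1 and 2 together for more than one group, here is an added example (not from the original post) that reads the json output of describe-security-groups, flags every inbound rule that opens a given port to the whole internet, and builds the revoke/authorize pair from step 2 for each IPv4 finding. The security group data is a constructed sample, and 203.0.113.5/32 stands in for "your IP address".

```python
import json
from typing import List, Tuple

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`
# (not real account data): web-sg exposes SSH to the world, db-sg does not,
# legacy-sg has an all-traffic rule (IpProtocol "-1") open to everyone.
SAMPLE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupName": "web-sg", "GroupId": "sg-0123456789abcdef0", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupName": "db-sg", "GroupId": "sg-0fedcba9876543210", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupName": "legacy-sg", "GroupId": "sg-0aaaaaaaaaaaaaaaa", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]})

WORLD = ("0.0.0.0/0", "::/0")  # "anyone on the internet", IPv4 and IPv6

def open_rules(output_json: str, port: int = 22) -> List[Tuple[str, str, str, str]]:
    """Return (GroupId, IpProtocol, ports, cidr) for each inbound rule that lets
    the whole internet reach `port`. Handles exact ports, port ranges, and the
    all-traffic rule, which carries no FromPort/ToPort at all."""
    hits = []
    for sg in json.loads(output_json)["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            proto = perm["IpProtocol"]
            if proto == "-1":
                ports = "all"
            elif proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]:
                lo, hi = perm["FromPort"], perm["ToPort"]
                ports = str(port) if lo == hi else f"{lo}-{hi}"
            else:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            hits += [(sg["GroupId"], proto, ports, c) for c in cidrs if c in WORLD]
    return hits

def remediation(output_json: str, allowed_cidr: str, port: int = 22) -> List[str]:
    """Build the step-2 revoke/authorize pair for every IPv4 rule that opens
    exactly `port`. Port ranges, IPv6 (::/0) and all-traffic rules are listed
    as comments for manual review: a --port/--cidr revoke would not match them."""
    cmds = []
    for group_id, proto, ports, cidr in open_rules(output_json, port):
        if proto == "tcp" and ports == str(port) and cidr == "0.0.0.0/0":
            cmd = (f"aws ec2 {{}}-security-group-ingress --group-id {group_id}"
                   f" --protocol tcp --port {port} --cidr {{}}")
            cmds += [cmd.format("revoke", cidr), cmd.format("authorize", allowed_cidr)]
        else:
            cmds.append(f"# review manually: {group_id} opens {ports}/{proto} from {cidr}")
    return cmds

if __name__ == "__main__":
    print("\n".join(remediation(SAMPLE_OUTPUT, "203.0.113.5/32")))
```

Run it against a saved `aws ec2 describe-security-groups --output json` file to get a reviewable plan before executing anything.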
3. Enable Detailed Monitoring for EC2 Instances
Enable CloudWatch detailed monitoring on an instance so you can detect unusual spikes in activity.
Command:
aws ec2 monitor-instances --instance-ids i-0123456789abcdef0
After running the command, the output confirms that monitoring is enabled for the instance.
Why this matters: Helps detect brute-force login attempts, CPU spikes, or suspicious behavior faster.
4. Business Use Case
Security is a critical part of running stable, reliable cloud infrastructure. For teams running production workloads, even one exposed instance can lead to service disruptions, compliance issues, or worse.
Using CLI commands to audit and lock down EC2 instances gives you a fast and scalable way to apply security best practices across environments without relying entirely on the management console.
5. Summary
Security doesn’t have to be complicated, and even a few small changes can make a big impact. Using the AWS CLI to manage security on EC2 instances lets you work faster, especially when you need to apply changes across multiple instances or environments.
These three commands are a great starting point, but there is a long security checklist your company has to work through to secure the entire infrastructure. You should be in the habit of reviewing your EC2 settings, securing what you can, and always keeping an eye on your cloud.
Connect with me on LinkedIn to comment or share your experiences with using the AWS CLI.
#30DaysLinuxChallenge #RedHatEnterpriseLinux
#CloudWhistler #CloudEngineer #Linux
#DevOps #RedHat #OpenSource
#CloudComputing #WomenInTech