What is 'Custom TCP' in AWS security group?

Time:01-14

When I set an inbound rule in a security group for an AWS EC2 like this:

So source type says that only traffic from my computer is to be allowed and only port 8080 in EC2 instance is to be made accessible.

What does the 'Type' field here mean when I set it as 'Custom TCP'? I see other values for this field, like HTTP, HTTPS, NFS, RDS, Postgres, SSH, etc., which basically define the protocol type (if I am not wrong). What does Custom TCP define?

CodePudding user response:

A 'Custom TCP' rule in an AWS security group allows you to specify a custom TCP protocol and a port range for inbound or outbound traffic. For example, if you have a custom application running on a specific port, you can create a 'Custom TCP' rule to allow traffic to that port. This allows you to have more fine-grained control over the traffic that is allowed to reach your EC2 instances.

You can read more about this here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html

CodePudding user response:

Custom TCP just means you can manually type in a port number to open in the AWS firewall. Use this when you need to open a port that doesn't correspond to a commonly used service. For example, ssh typically uses TCP port 22, and ssh is a program/protocol most AWS system administrators will use, so there is a dropdown option for ssh as a convenience that automatically enters TCP as the protocol and 22 as the port to open for data to flow to your EC2 instance.

You could alternately select "Custom TCP (port)" and manually enter 22, but then you might give it a name in one security group like "Forward 22 for SSH" and in another security group "open ssh"... Using the dropdown's SSH option provides consistency/readability in your security group rules.

IANA maintains a port number registry for common ports, but this list is much larger than AWS is likely to use for their dropdown menu. The options AWS presents are just enough to provide convenience for the most commonly used protocols when you're setting up forwarding rules.
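As an added example (not part of the answers above and not AWS code): a stored rule carries only a protocol, a port range and a source, and the console's 'Type' label can be derived back from those fields. The dictionaries follow the EC2 API's `IpPermissions` field names; `PRESETS`, `console_type` and `describe` are hypothetical names, the preset table is a small subset of the dropdown, and the sample rules are constructed.

```python
import ipaddress

# Subset of the console's "Type" presets; the real dropdown has more entries.
PRESETS = {
    ("tcp", 22): "SSH",
    ("tcp", 80): "HTTP",
    ("tcp", 443): "HTTPS",
    ("tcp", 2049): "NFS",
    ("tcp", 5432): "PostgreSQL",
}

def console_type(perm):
    """Derive a console-style label from the stored protocol and ports (TCP/UDP/all only)."""
    proto = perm["IpProtocol"]
    if proto == "-1":                      # -1 means every protocol and port
        return "All traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo == hi and (proto, lo) in PRESETS:
        return PRESETS[(proto, lo)]        # single well-known port: preset label
    return f"Custom {proto.upper()}"       # anything else is just "Custom"

def describe(perm):
    """Return one (type, ports, source, world_open) tuple per IPv4 source range."""
    if perm["IpProtocol"] == "-1":
        ports = "all"
    else:
        lo, hi = perm["FromPort"], perm["ToPort"]
        ports = str(lo) if lo == hi else f"{lo}-{hi}"
    rows = []
    for rng in perm.get("IpRanges", []):
        net = ipaddress.ip_network(rng["CidrIp"])
        # prefixlen 0 (0.0.0.0/0) means the port is reachable from any address
        rows.append((console_type(perm), ports, str(net), net.prefixlen == 0))
    return rows

# Constructed sample rules; 203.0.113.7 is a documentation address standing in for "My IP".
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

if __name__ == "__main__":
    for perm in SAMPLE:
        for row in describe(perm):
            print(row)
```

The first sample is the rule from the question: TCP 8080 from a single /32 address, which has no preset and therefore shows as Custom TCP.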
