AWS Security Group Default Rules

Steven Jul 09, 2026

When it comes to securing your AWS resources, Security Groups play a pivotal role. They act as a virtual firewall, controlling inbound and outbound traffic to your instances. Understanding the default rules of AWS Security Groups is crucial to ensure the security and compliance of your AWS environment.

AWS Security Services What Are the 5 Core AWS Services
AWS Security Services What Are the 5 Core AWS Services

By default, AWS Security Groups follow the principle of least privilege, which means they allow no inbound traffic and allow all outbound traffic. This default behavior is designed to enhance the security of your instances. However, it's essential to understand how to modify these rules to suit your specific use case without compromising security.

#cloudsecurity #awssecurity #azuresecurity #gcpsecurity #cybersecurity | Artem Polynko
#cloudsecurity #awssecurity #azuresecurity #gcpsecurity #cybersecurity | Artem Polynko

Understanding AWS Security Group Default Rules

Before delving into the default rules, it's crucial to understand the structure of Security Groups. They consist of rules that either allow or deny traffic based on the protocol (TCP, UDP, ICMP, etc.), port range, and source/destination (another security group, an IP range, or a prefix list).

the different types of security infos on this page are shown in red, white and blue
the different types of security infos on this page are shown in red, white and blue

Now, let's explore the default rules for both inbound and outbound traffic.

Inbound Traffic Default Rules

GoDaddy
GoDaddy

As mentioned earlier, AWS Security Groups do not allow any inbound traffic by default. This means that no rules are added to allow incoming traffic. To permit inbound traffic, you must explicitly add rules to your Security Group.

Here's an example of what the inbound rules look like by default:

[
    {
        "IpProtocol": "-1",
        "FromPort": 0,
        "ToPort": 65535,
        "IpRanges": [
            {
                "CidrIp": "0.0.0.0/0"
            }
        ],
        "PrefixListIds": [],
        "UserIdGroupPairs": [],
        "Ipv6Ranges": [],
        "PrefixListIds": []
    }
]

This rule denies all inbound traffic from any source (0.0.0.0/0 represents all IP addresses).

the aws iam best practices for 2055 info graphic on how to use it
the aws iam best practices for 2055 info graphic on how to use it

Outbound Traffic Default Rules

Unlike inbound traffic, AWS Security Groups allow all outbound traffic by default. This means that any traffic initiated by your instance is allowed, regardless of the destination or protocol.

Here's an example of what the outbound rules look like by default:

owasp top 10 web application vulnerabilities
owasp top 10 web application vulnerabilities

[
    {
        "IpProtocol": "-1",
        "FromPort": 0,
        "ToPort": 65535,
        "IpRanges": [
            {
                "CidrIp": "0.0.0.0/0"
            }
        ],
        "PrefixListIds": [],
        "UserIdGroupPairs": [],
        "Ipv6Ranges": [],
        "PrefixListIds": []
    }
]

This rule allows all outbound traffic to any destination (0.0.0.0/0 represents all IP addresses).

Modifying Default Rules for Specific Use Cases

Core AWS Security Services – qualimente
Core AWS Security Services – qualimente
a diagram showing the different types of networked devices and how they are connected to each other
a diagram showing the different types of networked devices and how they are connected to each other
Security and Privacy Audits: A Core Topic for CIA Part 1 Candidates
Security and Privacy Audits: A Core Topic for CIA Part 1 Candidates
the aws security management manual is displayed in this screenshote, which shows how to
the aws security management manual is displayed in this screenshote, which shows how to
aws_security_incident_response.pdf
aws_security_incident_response.pdf
Cloud Security Audit Services | Secure AWS, Azure & Google Cloud
Cloud Security Audit Services | Secure AWS, Azure & Google Cloud
Building a Secure Private Cloud Network on AWS with Transit Gateway and SSM (2025 Guide)
Building a Secure Private Cloud Network on AWS with Transit Gateway and SSM (2025 Guide)
the acronym for security misconfiguration is shown in this slider image
the acronym for security misconfiguration is shown in this slider image
AI Security Threats for Personal Use, Teams, and Agents – Vasyl Ivanov
AI Security Threats for Personal Use, Teams, and Agents – Vasyl Ivanov
the diagram shows how aws and vcds work together to create an appliance
the diagram shows how aws and vcds work together to create an appliance
the security controls chart is shown in yellow
the security controls chart is shown in yellow
𝗥𝗶𝘀𝗸𝘆 𝗚𝗶𝘁𝗛𝘂𝗯 𝗢𝗜𝗗𝗖 𝗮𝗻𝗱 𝗙𝗲𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻 𝗔𝗰𝗰𝗲𝘀𝘀 Federated access is powerful. But weak federation rules...
𝗥𝗶𝘀𝗸𝘆 𝗚𝗶𝘁𝗛𝘂𝗯 𝗢𝗜𝗗𝗖 𝗮𝗻𝗱 𝗙𝗲𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻 𝗔𝗰𝗰𝗲𝘀𝘀 Federated access is powerful. But weak federation rules...
Qi Men Dun Jia Grand Master - Dougles Chan
Qi Men Dun Jia Grand Master - Dougles Chan
Real AI Agent Security architecture - 2026 Enterprise blueprint
Real AI Agent Security architecture - 2026 Enterprise blueprint
Understanding Active Directory for IT Support | Eng Saleem posted on the topic | LinkedIn
Understanding Active Directory for IT Support | Eng Saleem posted on the topic | LinkedIn
AI Guardrails Explained | AI Engineering Day 38
AI Guardrails Explained | AI Engineering Day 38
#cybersecurity #backup #321backuprule #dataprotection #disasterrecovery #businesscontinuity #informationsecurity #networksecurity #itinfrastructure #itknowledgeseries | Sandeep Kumar
#cybersecurity #backup #321backuprule #dataprotection #disasterrecovery #businesscontinuity #informationsecurity #networksecurity #itinfrastructure #itknowledgeseries | Sandeep Kumar
the diagram shows how to use cloud computing for security and protection in different areas of the world
the diagram shows how to use cloud computing for security and protection in different areas of the world
Step-by-Step Guide to Hardening an AWS Account
Step-by-Step Guide to Hardening an AWS Account
aws - solutions library samples / guidance - for
aws - solutions library samples / guidance - for

While the default rules provide a high level of security, they may not suit all use cases. For instance, you might need to allow specific inbound traffic for your instances to function correctly. In such cases, you can modify the default rules to allow only the necessary traffic.

Here are some best practices to follow when modifying default rules:

  • Principle of Least Privilege: Only allow the traffic that is absolutely necessary for your instances to function.
  • Specificity: Be as specific as possible with your rules. Instead of allowing traffic from a broad range of IP addresses, allow traffic only from trusted sources.
  • Regular Audits: Regularly audit your Security Groups to ensure that they still align with your security needs and comply with relevant regulations.

Adding Inbound Rules

To add an inbound rule, you need to specify the protocol, port range, and source. For example, to allow SSH traffic from a specific IP address, you would add a rule like this:

{
    "IpProtocol": "tcp",
    "FromPort": 22,
    "ToPort": 22,
    "IpRanges": [
        {
            "CidrIp": "10.0.0.0/16"
        }
    ]
}

This rule allows SSH traffic (TCP port 22) from the IP range 10.0.0.0/16.

Removing Default Rules

It's not recommended to remove the default rules entirely, as they provide a baseline level of security. However, you can modify them to suit your needs. For instance, you can modify the inbound rule to allow traffic only from specific IP ranges or security groups.

Remember, any changes you make to your Security Groups can have a significant impact on the security of your instances. Always ensure that you understand the implications of your changes before implementing them.

In the dynamic world of cloud security, it's crucial to stay informed about the latest best practices and AWS services. Regularly review and update your Security Groups to ensure they align with your security needs and comply with relevant regulations. By doing so, you can enhance the security and resilience of your AWS environment.