When you create an instance, you must create a Security Group or select an existing Security Group. A Security Group is the Amazon Web Services term for a firewall. Configure the Security Group to allow and deny access to the instance.
When an instance is running, you cannot change the Security Group it belongs to. You can modify the rules of that Security Group, however.
Note:
Amazon says, “A security group defines firewall rules for your instances. These rules specify which incoming network traffic should be delivered to your instance (e.g., accept web traffic on port 80). All other traffic is ignored. You can modify rules for a group at any time. The new rules are automatically enforced for all running instances.”
- In the AWS Management Console, in the Navigation pane, click Security Groups.
-
Protocol
This menu contains a list of protocols and the ports they most commonly use. For example, HTTP uses port 80. The RTMP protocol is not included in this list. To add it, select Custom and enter 1935 for the From Port and To Port.
From Port
This is the low number in a range. To open a single port, use the same value for the From Port and To Port.
To Port
This is the high number in a range. To open a single port, use the same value for the From Port and To Port.
Source (IP or Group).
Note:
From the Amazon documentation: To allow access from other instances in a security group, enter the security group name in the Connection Source field. To configure this rule to apply to an IP address range, enter the CIDR range. For example, enter 0.0.0.0/0 to allow all IP addresses to access the specified port range. Enter an IP address or subnet to limit access to that one computer or network, for example 92.23.32.51/32.
Add rules to the Security Group
By default, Adobe Media Server is configured to use the following ports and protocols to stream media. Define the following ports in a Security Group:
| Connection method | Protocol | Port | Description |
|---|---|---|---|
| HTTP | TCP | 80 | By default, Flash Player and AIR clients that cannot connect to Adobe Media Server over port 1935 attempt to tunnel over port 80 (RTMPT). If Apache is installed and enabled, HTTP requests made over port 80 are proxied to Apache over port 8134. |
| All | TCP | 1935 | By default, Flash Player and AIR clients make RTMP connections to Adobe Media Server over port 1935/TCP. To communicate with Adobe Media Server over the RTMP protocol, clients attempt to connect to ports in the following order: 1935, 80 (RTMP), 80 (RTMPT). |
| All | UDP | 1935 | The RTMFP protocol communicates over UDP. Clients connect to the server over 1935 and the server redirects the client to a port between 19350 and 19360. To change the default RTMFP port range, edit the Adaptor/RTMFP/Core/HostPortList/HostPort element in the Adaptor.xml Configuration files. |
| SSH | TCP | 22 | Allows you to connect to an instance over SSH to copy files, manage logs and configuration files, and so on. |
To configure additional ports for streaming, add the ports to the Security Group and add the ports to the Adobe Media Server configuration files. See Configure IP addresses and ports in the Adobe Media Server Configuration and Administration Guide.
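The port table above expressed as data, as an added example that is not from the Adobe or Amazon documentation: the script builds the four rules in the `IpPermissions` shape used by the EC2 API and audits a rule set for ports other than the streaming ports that are reachable from 0.0.0.0/0. Restricting SSH to an administrator CIDR is this example's assumption, and the function names are hypothetical.

```python
import ipaddress

# (protocol, from_port, to_port) taken from the port table on this page.
STREAMING = [("tcp", 80, 80), ("tcp", 1935, 1935), ("udp", 1935, 1935)]
SSH = ("tcp", 22, 22)
PUBLIC = {(proto, port) for proto, lo, hi in STREAMING for port in range(lo, hi + 1)}


def permission(proto, lo, hi, cidr):
    """One ingress rule in the EC2 API IpPermissions shape."""
    ipaddress.ip_network(cidr)  # ValueError on a malformed CIDR or one with host bits set
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}


def build_ingress(admin_cidr):
    """Streaming ports open to any client; SSH limited to admin_cidr (assumption)."""
    rules = [permission(p, lo, hi, "0.0.0.0/0") for p, lo, hi in STREAMING]
    rules.append(permission(*SSH, admin_cidr))
    return rules


def audit(rules, public=PUBLIC):
    """Return findings: inverted ranges, and non-streaming ports open to 0.0.0.0/0."""
    findings = []
    for r in rules:
        proto, lo, hi = r["IpProtocol"], r["FromPort"], r["ToPort"]
        if lo > hi:
            findings.append(f"{proto} {lo}-{hi}: From Port is above To Port")
            continue
        # Ports in this rule's range that the table does not list as streaming ports.
        exposed = [p for p in range(lo, hi + 1) if (proto, p) not in public]
        for ip_range in r["IpRanges"]:
            net = ipaddress.ip_network(ip_range["CidrIp"], strict=False)
            if net.prefixlen == 0 and exposed:
                findings.append(f"{proto} {lo}-{hi}: open to {net}, "
                                f"exposes {len(exposed)} non-streaming port(s)")
    return findings


if __name__ == "__main__":
    # Constructed sample: 92.23.32.51/32 is the single-host example quoted on this page.
    good = build_ingress("92.23.32.51/32")
    bad = good[:3] + [permission("tcp", 22, 22, "0.0.0.0/0")]
    print(audit(good))
    print(audit(bad))
```

Passing a wider `public` set to `audit` accepts any additional streaming ports you have configured in the server's configuration files.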
For detailed information about securing your instance, see the Adobe Media Server Hardening Guide.
For more information about securing the server, see Configuring security features in the Adobe Media Server Configuration and Administration Guide.
Learn more about Amazon Web Services Network Security Concepts and Using Security Groups.
For information about Amazon EC2 security, see Amazon Web Services: Overview of Security Processes and Tips for Securing your EC2 Instance.