...
Instead, CUIT recommends opening traffic to ONLY the ports and IP ranges that your application requires. This may mean creating more complex rules, but it will result in greatly improved security. In the following example, the Security Group is configured to permit traffic from any IP address, but ONLY to ports 80 and 443, for web traffic. With this configuration, administrative ports like SSH and RDP are not open to the internet.
Existence of this rule will almost guarantee an attacker gaining illicit accessPlease contact CUIT if you have any further questions. For help configuring a security group, please see:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
...