I want to allow specific IP addresses access to my Amazon Elastic Compute Cloud (Amazon EC2) instance and block other IP addresses. How do I do this?
To allow or block specific IP addresses for your EC2 instances, use a network Access Control List (ACL) or security group rules in your VPC. Network ACLs and security group rules act as firewalls allowing or blocking IP addresses from accessing your resources. Network ACLs control inbound and outbound traffic at the subnet level. Because network ACLs function at the subnet level, rules apply to all instances in associated subnets. Security group rules act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.
Keep in mind that network ACLs are stateless, meaning that rules must explicitly allow return traffic. Security group rules automatically allow return traffic regardless of any rules.
For information on how to create a network ACL, add rules, and associate one or more subnets, see Work with network ACLs.
For information on how to modify the default security group, create a new group, add rules, and then associate your security group to one or more instances in your subnet, see Work with security groups.
Internetwork traffic privacy in Amazon VPC
Control traffic to subnets using Network ACLs
Control traffic to resources using security groups