How to Restrict Client machines to Ping EC2 Instances?

You can control access to your instances by using Security Groups. By default, all traffic is denied; you must create inbound rules that allow traffic. For example, you will already have a rule that allows SSH (for Linux) or RDP (for Windows). To allow ICMP (for ping), create a rule that permits ICMP only from the hosts that you wish to ping your instances.

Note that you don't have to create outbound rules for traffic that is allowed inbound. Security Groups are stateful; they automatically allow outbound traffic for inbound sessions that were allowed.