5 Things To Know About Using AWS Security Groups For Ping

AWS Security group for ping

AWS security groups can be a great way to allow and restrict access to certain protocols and ports. They are stateful resources that let you specify both inbound and outbound rules.

To allow ping from a particular source IP address, add a rule with the protocol type ICMP and set its source to the IP address of the machine that is initiating the ping.

Read more here:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html

How do I enable ping in security group?

Enabling ping in your security group is easy. All you have to do is add a rule that allows ICMP traffic, then enter the IP address of the machine you want to allow the traffic from.
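
The rule described above, written in the `IpPermissions` structure that the EC2 API uses for security group rules, together with a small audit that flags ICMP ingress broader than a single-host ping. This is an added example, not from the original article; the helper names `ping_rule` and `audit_icmp` and all sample addresses are constructed for illustration.

```python
import ipaddress

ECHO_REQUEST = 8  # ICMP type of an IPv4 ping request

def ping_rule(source_ip):
    """Ingress permission allowing only ICMP echo request from one IPv4 host."""
    host = ipaddress.IPv4Address(source_ip)  # raises ValueError on bad input
    return {
        "IpProtocol": "icmp",
        "FromPort": ECHO_REQUEST,  # for ICMP, FromPort carries the ICMP type
        "ToPort": -1,              # and ToPort the ICMP code (-1 = any code)
        "IpRanges": [{"CidrIp": f"{host}/32", "Description": "ping from admin host"}],
    }

def audit_icmp(permissions):
    """Return findings for ICMP ingress rules broader than a single-host ping."""
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("icmp", "-1"):  # "-1" = all protocols, which includes ICMP
            continue
        all_types = proto == "-1" or perm.get("FromPort", -1) == -1
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                findings.append(f"{proto} open to the world ({net})")
            elif net.prefixlen < 32:
                findings.append(f"{proto} allowed from a range ({net}), not one host")
            if all_types and proto == "icmp":
                findings.append(f"all ICMP types allowed from {net}, not just echo request")
    return findings

# Constructed sample rules, not taken from a real account.
SAMPLE = [
    ping_rule("203.0.113.10"),
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
]

if __name__ == "__main__":
    for finding in audit_icmp(SAMPLE):
        print(finding)
```

The dictionary returned by `ping_rule` has the shape boto3 expects in `authorize_security_group_ingress(GroupId=..., IpPermissions=[...])`, and `audit_icmp` accepts the `IpPermissions` list returned by `describe_security_groups`.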


Does ping work in AWS?

Pinging your resources in AWS can be a great way to confirm basic connectivity for other types of traffic. To enable it, go to your security group and explicitly allow ICMP traffic to your specified resource.

Security groups are stateful firewalls attached to your instance's elastic network interface, and they allow both inbound and outbound connections for a particular type of traffic and source IP.


How can I ping my AWS instance?

Once you have enabled the appropriate rules for your instance through its security group, you can run the following command:

ping <instance IP address>

If successful, you should see ICMP replies coming back in the terminal window.


How do I turn off ping in AWS instance?

If you no longer want to have ping traffic for your AWS instance, you can simply remove the rule on your security group. This would effectively thwart any attempt at a ping to your machine.

Another layer of security you can implement is network access control lists. They are subnet-level firewalls that support more explicit allow and deny rules than a security group.


Final Thoughts

Using security groups for ping traffic is very easy to do and only requires slight modifications to the inbound and outbound rules.

If you have an EC2 instance that needs to be pinged by other machines either in your VPC or other locations, then you’ll want to establish an inbound rule allowing ICMP, and explicitly allow the source IP that is initiating the ping.