EC2 Security Groups
To create a security group with least privilege
Select a Region for the security group. Security groups are specific to a Region, so you should select the same Region in which you created your key pair.
In the navigation pane, choose Security Groups.
Choose Create security group.
In the Basic details section, do the following:
  Enter a name for the new security group and a description. Use a name that is easy for you to remember, such as your user name, followed by _SG_, plus the Region name. For example, me_SG_uswest2.
  In the VPC list, select your default VPC for the Region.
In the Inbound rules section, create the following rules (choose Add rule for each new rule):
  Choose HTTP from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
  Choose HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
  Choose SSH from the Type list. In the Source box, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Alternatively, choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. To specify an individual IP address in CIDR notation, add the routing suffix /32, for example, 203.0.113.25/32. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.
Warning
For security reasons, we don't recommend that you allow SSH access from all IPv4 addresses (0.0.0.0/0) to your instance, except for testing purposes and only for a short time.
Choose Create security group.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html
Check
describe-stale-security-groups
describe-security-group-references
describe-security-groups
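
Added example (not from the AWS documentation quoted above): a Python audit of describe-security-groups JSON output that flags every inbound rule open to 0.0.0.0/0 or ::/0 unless it is exactly TCP 80 or TCP 443, the two rules the procedure opens to Anywhere. The sample JSON, the group IDs and the names PUBLIC_OK_PORTS, is_anywhere and findings are constructed for illustration.

```python
import ipaddress
import json

# Ports the procedure above opens to Anywhere (HTTP, HTTPS). Assumption of this example.
PUBLIC_OK_PORTS = {80, 443}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "GroupName": "me_SG_uswest2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.25/32"}]}]},
  {"GroupId": "sg-0example2", "GroupName": "test_SG", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 covers every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def findings(doc):
    """Return (group_id, port_range, cidr) for every world-open rule that
    exposes anything other than exactly TCP 80 or exactly TCP 443."""
    out = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":  # all protocols, all ports
                ports = "all"
            else:
                lo, hi = perm.get("FromPort"), perm.get("ToPort")
                if perm.get("IpProtocol") == "tcp" and lo == hi and lo in PUBLIC_OK_PORTS:
                    continue  # HTTP/HTTPS from Anywhere is expected
                ports = f"{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            out += [(sg["GroupId"], ports, c) for c in cidrs if is_anywhere(c)]
    return out


if __name__ == "__main__":
    for group_id, ports, cidr in findings(SAMPLE):
        print(f"{group_id}: ports {ports} open to {cidr}")
```

To audit a real account, replace SAMPLE with the parsed JSON from aws ec2 describe-security-groups --output json.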