All Products
Search
Document Center

Elastic Compute Service:Common ports

Last Updated:Apr 27, 2026

Configure security group rules with the correct ports for services such as SSH, SMTP, and HTTP on ECS instances.

Background

Each security group rule requires a port or port range. The security group forwards or blocks traffic to the ECS instance based on an allow or deny policy.

For example, when you use an SSH client such as Xshell to connect to an ECS instance, the security group checks whether an inbound rule allows the source IP address and whether port 22 is open. The connection succeeds only if a matching rule exists.

Important

Some carriers block high-risk ports such as 25, 135, 139, 444, 445, 5800, and 5900 by default. Even if your security group rules allow traffic on these ports, users in affected regions may still be unable to access them. Use non-high-risk ports for your services instead.

For ports used by Windows Server applications, see Microsoft documentationService overview and network port requirements for Windows.

Common ports

The following table lists default ports for common applications.

Port

Service

Description

21

FTP

File Transfer Protocol (FTP) port for uploading and downloading files.

22

SSH

SSH port for connecting to Linux instances with tools such as PuTTY, Xshell, or SecureCRT. See Connect to a Linux instance using a password.

23

Telnet

Telnet port for remote logon to an ECS instance.

25

SMTP

Simple Mail Transfer Protocol (SMTP) port for sending email.

Note

Port 25 on ECS instances is restricted by default for security reasons. Use SSL-encrypted port 465 to send emails instead.

53

DNS

Domain Name System (DNS) port.

Note

If you use an allowlist for outbound security group rules, allow traffic on UDP port 53 for domain name resolution.

80

HTTP

HTTP services such as IIS, Apache, and Nginx.

To troubleshoot port 80 issues, see Check whether TCP port 80 works as expected.

110

POP3

Post Office Protocol 3 (POP3) port for receiving email.

143

IMAP

Internet Message Access Protocol (IMAP) port for receiving email.

443

HTTPS

HTTPS services providing encrypted communication.

1433

SQL Server

TCP port for SQL Server external services.

1434

SQL Server

UDP port for SQL Server, used to query information such as the TCP/IP port number and IP address of SQL Server.

Important

Open UDP port 1434 only if you use the SQL Server Browser service. Otherwise, close or restrict this port to improve security.

1521

Oracle

Default service port for Oracle databases.

3306

MySQL

Default service port for MySQL databases.

3389

Remote Desktop Services

Remote Desktop Services port for connecting to Windows instances. See Connect to a Windows instance by using a remote desktop connection or app.

8080

proxy port

Like port 80, port 8080 is often used for WWW proxy services. To access a website or proxy server on this port, append IP address:8080 to the URL. Apache Tomcat uses port 8080 by default.

137, 138, 139

NetBIOS protocol

NetBIOS protocol, used for Windows file and printer sharing and Samba.

  • UDP ports 137 and 138 handle communication for file transfers in Network Neighborhood.

  • Port 139 is used to access NetBIOS/SMB services.

5432

PostgreSQL

Default service port for PostgreSQL databases.

6379

Redis

Default service port for Redis databases.

Use cases

The following table shows security group rule settings for common use cases. For more examples, see Security group application guide and cases.

Use case

Network type

Direction

Policy

Protocol

Port range

Object type

Authorization object

Priority

Connect to a Linux instance over SSH

VPC

Inbound

Allow

Custom TCP

SSH (22)

CIDR block

0.0.0.0/0

1

Connect to a Windows instance over RDP

VPC

Inbound

Allow

Custom TCP

RDP (3389)

CIDR block

0.0.0.0/0

1

Ping an ECS instance over the Internet

VPC

Inbound

Allow

All ICMP

-1/-1

CIDR block or security group

Depends on the object type.

1

Use an ECS instance as a web server

VPC

Inbound

Allow

Custom TCP

HTTP (80)

CIDR block

0.0.0.0/0

1

Upload or download files over FTP

VPC

Inbound

Allow

Custom TCP

20/21

CIDR block

Specified IP address range

1