You are absolutely right, thanks for the comment. Probably I forgot these because I had these rules added long time ago to my default security group. I will update the post to reflect this

A better way to do this is to create a separate security group that allows inbound SSH on port 22 and TCP on port 80.

An Cloud Formation example on how it would like:

Notice how we added the SecurityGroups tag under the EC2 instance property, where we referred to the logical ID of the security group created.

Software engineer (JS | REACT | Node | AWS | Test Automation)