You are absolutely right, thanks for the comment. Probably I forgot these because I had these rules added long time ago to my default security group. I will update the post to reflect this

A better way to do this is to create a separate security group that allows inbound SSH on port 22 and TCP on port 80.

An Cloud Formation example on how it would like:

Notice how we added the SecurityGroups tag under the EC2 instance property, where we referred to the logical ID of the security group created.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store