Make use of the security groups and of course use strong passwords. Also, make sure that your ec2 instance and Jenkins installation are up-to-date with the latest security patches. Security Groups act as virtual, stateful firewalls that control the traffic for one or more instances. If possible, narrow the IP range to only the relevant source IP addresses. Do not open any extraneous TCP or UDP ports (TCP 80 and 8080 are sufficient).