diff --git a/index.js b/index.js
index 80d1c91..82b6fe5 100644
--- a/index.js
+++ b/index.js
@@ -144,27 +144,28 @@ async function main () {
       result = await client.request('CreateSecurityGroup', params, options)
       log.debug({ result }, 'CreateSecurityGroup')
       SecurityGroupId = result.SecurityGroupId
-      params = {
-        RegionId: ECS.RegionId,
-        SecurityGroupId,
-        IpProtocol: 'tcp',
-        SourceCidrIp: '0.0.0.0/0'
-      }
-      const port = config.ssr_server.port + ''
-      const PortRange = port.slice(0, -1) + '0/' + port.slice(0, -1) + '9'
-      result = await Promise.all([
-        client.request('AuthorizeSecurityGroup', { ...params, IpProtocol: 'icmp', PortRange: '-1/-1' }, options), // enable ping
-        client.request('AuthorizeSecurityGroup', { ...params, PortRange: '22/22' }, options),
-        client.request('AuthorizeSecurityGroup', { ...params, PortRange: '80/80' }, options),
-        client.request('AuthorizeSecurityGroup', { ...params, PortRange: '443/443' }, options),
-        client.request('AuthorizeSecurityGroup', { ...params, PortRange }, options)
-      ])
-      log.debug({ result }, 'AuthorizeSecurityGroup')
     } else {
       SecurityGroupId = result.SecurityGroups.SecurityGroup[0].SecurityGroupId
       VpcId = result.SecurityGroups.SecurityGroup[0].VpcId
     }
     log.info(`VpcId: ${VpcId}, SecurityGroupId: ${SecurityGroupId}`)
+    params = {
+      RegionId: ECS.RegionId,
+      SecurityGroupId,
+      IpProtocol: 'tcp',
+      SourceCidrIp: '0.0.0.0/0'
+    }
+    const port = config.ssr_server.port + ''
+    const PortRange = port.slice(0, -1) + '0/' + port.slice(0, -1) + '9'
+    result = await Promise.all([
+      client.request('AuthorizeSecurityGroup', { ...params, IpProtocol: 'icmp', PortRange: '-1/-1' }, options), // enable ping
+      client.request('AuthorizeSecurityGroup', { ...params, PortRange: '22/22' }, options),
+      client.request('AuthorizeSecurityGroup', { ...params, PortRange: '80/80' }, options),
+      client.request('AuthorizeSecurityGroup', { ...params, PortRange: '443/443' }, options),
+      client.request('AuthorizeSecurityGroup', { ...params, PortRange }, options)
+    ])
+    log.debug({ result }, 'AuthorizeSecurityGroup')
+    log.info(`为安全组${SecurityGroupId}开启端口`)
 
     let VSwitchId
     params = { RegionId: ECS.RegionId, VpcId, ZoneId }