Open a TCP port on the primary security group of a host identified through the local hosts mapping.
aws_open_port.py <instance|hostname> <port> <ip-or-host> [--region REGION] [--flush]
Resolves the target instance id from getent hosts output, so it depends on the local hosts file being current.
Accepts a CIDR directly, a host name that is resolved to /32, or any for 0.0.0.0/0.
With --flush, removes existing ingress rules for that TCP port before adding the new rule. Duplicate-rule errors are treated as harmless.