I have claimed an additional Elastic IP address and associated it with a running instance. It is also tied up with a secondary Private IP Address.

I am unable to ping the new Elastic IP address.

Further, do I need to create a separate Security Group for every Elastic IP address associated with an EC2 instance, given that I wish to expose different ports on different IP addresses? How do I do so?

Kabeer

1 Answer

I am unable to ping the new Elastic IP address.

AWS blocks ICMP (ping, traceroute, etc.) traffic in security groups by default. You'll need to explicitly allow it in your group's settings.

Further, do I need to create a separate Security Group for every Elastic IP address associated with an EC2 instance, given that I wish to expose different ports on different IP addresses? How do I do so?

A security group is a set of firewall rules that can be applied to one or more servers. If you need different rules, you need different groups. Note that you can use more than one group - you might have a "webserver" group that opens port 80 to the world, "ssh" group that opens port 22 to your IP, etc. and apply them both to a set of servers.

ceejayoz
    Security groups are applied at the instance level, rather than the interface level. Assuming the first address is pingable, I suspect it's an issue with kernel policy routing, where the reply traffic is leaving the instance via the wrong interface and EC2 just drops it as invalid/unexpected. – Michael - sqlbot Jul 17 '15 at 15:12
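
The default-deny and multiple-group behaviour described in the answer can be checked offline against rule data. The following is an added example, not part of the original posts: it assumes the rule shape printed by `aws ec2 describe-security-groups`, uses constructed group IDs and addresses, and evaluates IPv4 CIDR sources only.

```python
import ipaddress

# Constructed sample: two groups attached to one instance, in the shape
# returned by `aws ec2 describe-security-groups` (group IDs are placeholders).
GROUPS = [
    {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-EXAMPLE-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]

# Constructed third group that admits ping (ICMP type 8 = echo request)
# from one network only.
PING_GROUP = {"GroupId": "sg-EXAMPLE-ping", "IpPermissions": [
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}


def _source_matches(perm, source_ip):
    """True if source_ip falls inside any IPv4 CIDR listed on the rule."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", []))


def _any_rule(groups, source_ip, match):
    """Rules are allow-only and additive: one match in any group admits traffic."""
    for group in groups:
        for perm in group["IpPermissions"]:
            if not _source_matches(perm, source_ip):
                continue
            # IpProtocol "-1" means every protocol and carries no port fields.
            if perm["IpProtocol"] == "-1" or match(perm):
                return True
    return False  # nothing matched: default deny


def allows_tcp(groups, port, source_ip):
    return _any_rule(groups, source_ip, lambda p: p["IpProtocol"] == "tcp"
                     and p["FromPort"] <= port <= p["ToPort"])


def allows_ping(groups, source_ip):
    # For ICMP rules FromPort holds the type and ToPort the code; -1 is a wildcard.
    return _any_rule(groups, source_ip, lambda p: p["IpProtocol"] == "icmp"
                     and p["FromPort"] in (-1, 8) and p["ToPort"] in (-1, 0))
```

With only the web and ssh groups attached, `allows_ping` is false for every source, which matches the symptom in the question; adding the ping group admits echo requests from its listed network without changing the TCP results.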