4

I have an EC2 machine with Elasticsearch installed. I need to get port 9200 open so other internal machines in the same region can access this port. I have no intention of keeping this port open publicly.

I'm not sure how to do this. Is there a custom IP that I could use to do so? Should I use VPC?

M-T-A

2 Answers

5

Your EC2 has a Public and Private IP. Use the Private IP and create the applicable rule in your Security Group's Inbound settings.

Log in to the AWS Management Console and navigate to EC2.

To get your Private IP, navigate to Instances. Select the EC2 instance and go to the Description tab. You will find the Private IP there.

To create a Security Group rule, go to Network and Security > Security Groups. Select the applicable security settings and add port 9200 using the Private IP.

EDIT: I suggest you just edit your existing Security Group instead of creating a new one. Each EC2 comes with a Security Group when it is created.

How To:

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
  2. In the navigation pane, choose Security Groups.
  3. Select the security group used by the EC2 instance that you want to allow inbound port 9200.
  4. Once selected, in the Inbound Tab, choose Edit.
  5. Once the Edit inbound rule page opens, choose Add Rule. Here you can add port 9200 using the Private IP of the other EC2 instances.

Sample values when adding a new security rule:

  • Type: Custom TCP Rule
  • Protocol: TCP
  • Port Range: 9200
  • Source: Custom IP 172.25.25.25/32

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules

jarvis
  • Would you provide a step by step guide on how to add a security group? – M-T-A May 31 '16 at 23:32
  • @M-T-A I suggest you EDIT your security group instead of creating a new one. Each EC2 has a security group when the instance is launched. I edited the answer. – jarvis May 31 '16 at 23:49
  • Thanks for updating it. Is there a way to allow ALL instances in the region to access it? – M-T-A Jun 01 '16 at 10:42
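
An added example, not part of the answer above: a Python check over a security group's inbound rules, in the shape the EC2 `describe-security-groups` call returns, that flags any rule exposing port 9200 to a source outside private address space. The sample group and its ID are constructed, and the check assumes the VPC uses RFC 1918 addressing.

```python
import ipaddress

ES_PORT = 9200
# Assumption: internal machines live in RFC 1918 space (the usual VPC setup).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def covers_port(perm, port=ES_PORT):
    """True if the rule applies to TCP `port`; IpProtocol "-1" means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def is_internal(cidr):
    """True only for IPv4 ranges fully inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def audit(group, port=ES_PORT):
    """Return (internal_sources, public_findings) for one security group."""
    allowed, findings = [], []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            (allowed if is_internal(cidr) else findings).append(cidr)
        # Sources given as another security group are internal by construction.
        allowed += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return allowed, findings

# Constructed sample: the /32 rule from the answer, plus a wide rule that
# silently includes 9200 and an unrelated SSH rule.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "172.25.25.25/32"}]},
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9300,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    print(audit(SAMPLE_GROUP))
```

The port-range rule is the case worth catching: it never names 9200, yet it opens it to every address.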
1

An AWS EC2 instance has both a private and a public IP. To check the private IP, click on the instance in the AWS EC2 management console and right click -> Networking -> Manage private IP address.

You can check both the private and public IP addresses. You can block all the incoming traffic on your public IP address and use the private IP address for connecting within the network.

Vivek