
This is the situation:

We have an EC2 server which runs Elasticsearch and an Elastic Beanstalk (EB) environment. They both are in the same VPC.

This is my goal:

Allow access to EC2 (9200 port) only from instances generated by EB.

What I did and what happened:

Inside the EC2 security group I added a rule to allow access to port 9200 from the Elastic Load Balancer's security group. Didn't work - timed out. When I tried to specify the EB instances' IP address - it works.

After that I tried a more stripped-down version just to see where the problem is. Created an empty security group "elasticsearch-client". Then created a security group "elasticsearch-server" with the following rule

Custom TCP Rule   |   TCP   |   9200   |   sg-xxxxxxxx (elasticsearch-client)

Attached the server group to the Elasticsearch EC2 instance and the client group to a new EC2 instance I want to do the search from. I tried to connect from the client to the server but the connection times out. I can connect to the server if I allow connections from everywhere, so I know the Elasticsearch server works at least. Also it's possible to connect from the new EC2 instance if I specify its IP in the security group.

Is the way I'm using security groups wrong? Is there another way I should be solving this?

Any help is much appreciated.

krabats
  • I think you need to use port `9300`. Port `9200` is for the http interface. – Henrik Pingel Jun 13 '16 at 16:57
  • @knowhy thanks, but as I mentioned in the post - when I target the rule towards specific IPs - it works fine so the ES server port can't be the problem. – krabats Jun 19 '16 at 16:43
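As an added example that is not part of the original question: a small Python audit of the "elasticsearch-server" group's inbound rules, in the dict shape boto3's describe_security_groups returns, to confirm that port 9200 is reachable only through the client security-group reference and that no temporary allow-from-everywhere rule (like the one used while testing) is left behind. The group ids and sample rules are constructed.

```python
# Added example (not from the original post): audit a security group's inbound
# rules in the shape boto3's describe_security_groups returns, and decide
# whether TCP 9200 is reachable only from the client group.
# Group ids and the sample rules below are constructed for illustration.

ES_PORT = 9200
CLIENT_SG = "sg-client0001"  # constructed id for "elasticsearch-client"

def rule_covers_port(perm, port):
    """True if an IpPermissions entry applies to TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols / all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_es_ingress(group, port=ES_PORT, allowed_sg=CLIENT_SG):
    """Return a dict describing which sources can reach `port` on `group`."""
    report = {"from_client_sg": False, "cidr_sources": [], "other_sgs": []}
    for perm in group["IpPermissions"]:
        if not rule_covers_port(perm, port):
            continue
        for pair in perm.get("UserIdGroupPairs", []):   # SG-referenced sources
            if pair["GroupId"] == allowed_sg:
                report["from_client_sg"] = True
            else:
                report["other_sgs"].append(pair["GroupId"])
        for rng in perm.get("IpRanges", []):            # CIDR sources
            report["cidr_sources"].append(rng["CidrIp"])
    report["world_open"] = "0.0.0.0/0" in report["cidr_sources"]
    report["least_privilege"] = (report["from_client_sg"]
                                 and not report["cidr_sources"]
                                 and not report["other_sgs"])
    return report

# Constructed sample: the "elasticsearch-server" group after testing, with the
# temporary allow-from-everywhere rule still present beside the SG reference.
SERVER_SG = {
    "GroupId": "sg-server0001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": CLIENT_SG}]},
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}

if __name__ == "__main__":
    print(audit_es_ingress(SERVER_SG))
```

Note that a rule whose source is a security group only matches traffic arriving from network interfaces in that group over the VPC's private addresses; a connection test against the server's public IP will not match it even when this audit passes.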

0 Answers