I am trying to allow HTTPS connections to my ELB from my public IP and from my EC2 instances (from their public IPs).

Like:

architecture

But I don't know how I can allow my EC2 instances. Do you know how I can do that?

Thanks in advance for your help ;)

David
  • Why do you need your instances to go out to the Internet and back in to the ELB? How are you forcing the EC2 instances to go out of the VPC, out to the Internet, and back into the VPC anyway? What is the exact issue you are facing? What are your current security group rules? Have you tried simply adding your EC2 instance's public IPs to the ELB's security group? – Mark B Oct 06 '17 at 15:13

1 Answer

First thing, your instances should not have a direct link to the internet. That is not safe. If you have to have it, then set up a NAT instance/gateway to allow this connection just for outbound from EC2 instances.

To answer your question, the best solution as per me to allow the connectivity between your EC2 instances and your ELB is to configure the ELB security group to open only the required protocols and ports for outbound connections to the security group of the EC2 instances. And, on the EC2 instance security group, open the inbound connectivity from the ELB security group only for the required protocols and ports.

I hope this helps.

ACloudRoamer
  • If you could elaborate on what was not clear, I would try to explain more. – ACloudRoamer Oct 09 '17 at 12:49
  • Ok, some things weren't clear enough, my bad :s - I use an internet gateway - My EC2 instance is used through ECS. - The ELB does the routing with a mapping between FQDN and ECS service. - To call each service correctly from any container, I need to go through the ELB. - I need to restrict my ELB input because I deploy that for test purposes. PS: I have some trouble making a proper list .... – David Oct 09 '17 at 12:53
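
The rule set described in the answer and in Mark B's comment, written out as an added example (not code from either poster): HTTPS to the ELB only from listed public IPs, and backend traffic allowed only between the two security groups. The group IDs, IP addresses and the backend port 8080 are constructed placeholders, and the helper names are hypothetical; the dictionaries use the `IpPermissions` shape that boto3's EC2 client accepts.

```python
import ipaddress

def https_from_hosts(public_ips):
    """ELB ingress: TCP/443 from each listed public IP only (/32 or /128)."""
    perm = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443}
    for ip in public_ips:
        addr = ipaddress.ip_address(ip)  # ValueError on a malformed address
        if addr.version == 4:
            perm.setdefault("IpRanges", []).append({"CidrIp": f"{addr}/32"})
        else:
            perm.setdefault("Ipv6Ranges", []).append({"CidrIpv6": f"{addr}/128"})
    return perm

def tcp_to_group(port, group_id):
    """Rule that references another security group instead of a CIDR."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": group_id}]}

def world_open(permissions):
    """Return (protocol, from_port, to_port) for rules open to any address."""
    hits = []
    for p in permissions:
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            hits.append((p["IpProtocol"], p.get("FromPort"), p.get("ToPort")))
    return hits

# Constructed sample values: documentation IP ranges, placeholder group IDs,
# and an assumed backend port.
ELB_SG, INSTANCE_SG, APP_PORT = "sg-0aaaaaaaaaaaaaaaa", "sg-0bbbbbbbbbbbbbbbb", 8080
MY_PUBLIC_IP = "203.0.113.10"
INSTANCE_PUBLIC_IPS = ["198.51.100.21", "198.51.100.22"]

elb_ingress = [https_from_hosts([MY_PUBLIC_IP] + INSTANCE_PUBLIC_IPS)]
elb_egress = [tcp_to_group(APP_PORT, INSTANCE_SG)]        # ELB -> instances only
instance_ingress = [tcp_to_group(APP_PORT, ELB_SG)]       # instances <- ELB only

def apply_rules(ec2):
    """ec2 is a boto3 EC2 client, e.g. boto3.client("ec2"); not called here."""
    ec2.authorize_security_group_ingress(GroupId=ELB_SG, IpPermissions=elb_ingress)
    ec2.authorize_security_group_egress(GroupId=ELB_SG, IpPermissions=elb_egress)
    ec2.authorize_security_group_ingress(GroupId=INSTANCE_SG,
                                         IpPermissions=instance_ingress)

if __name__ == "__main__":
    print(elb_ingress, elb_egress, instance_ingress, sep="\n")
    print("world-open ELB rules:", world_open(elb_ingress))
```

A newly created security group carries an allow-all egress rule, so the restricted ELB egress rule only takes effect once that default rule is revoked. Instance public IPs that are not Elastic IPs change on stop/start, which makes the `/32` list go stale.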