
My goal is simple:

Allow any instance inside a VPC to connect to a specific security group.

The field for allowed sources suggests: "CIDR, IP or Security group".

Is there a way for me to specify a VPC?

The reason being that I have multiple instances inside a VPC with different security groups, but all need access to the security group I am creating.

helloV
ThatBrianDude

3 Answers


Your VPC has a CIDR group range, so just specify the CIDR group that is being used by your VPC and it will allow access from anything in the VPC.

Mark B
  • I see. What could be the issue for failed pings between two instances set up as described? Both VPCs have internet gateways set up and assigned to the routing tables. – ThatBrianDude Nov 07 '17 at 16:12
  • You mean using the actual `ping` command? Ping uses the ICMP protocol, which is not usually open on AWS. You would have to add a rule to your security group allowing ICMP traffic. `ping` isn't really the best method of testing connectivity on AWS. Also, what do you mean by "both VPCs"? Your question is about a single VPC. If you are talking about cross-VPC traffic then you need to enable VPC Peering http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html – Mark B Nov 07 '17 at 16:16
  • Uh oh. I intended to have a security group in another VPC allow traffic from a different VPC. I guess that's the problem at stake. Thank you for your help, I will look into Peering. – ThatBrianDude Nov 07 '17 at 16:20
  • Yeah, these VPC IP ranges are internal to the VPC. You have to set up VPC peering before the other VPC can see traffic coming from those internal IP addresses. – Mark B Nov 07 '17 at 16:33

What you are asking is the primary functionality of a security group. For example, if the CIDR of the VPC you want to allow is 10.4.0.0/16,

[screenshot of the security group inbound rule, not reproduced]

helloV

Set the Inbound route to the required CIDR group. The Outbound will automatically be set as per AWS VPC design.
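Both Mark B's answer and the last answer come down to the same rule: put the VPC's CIDR block in the source field of the inbound rule. The following is an added example, not code from the question or from any of the answers. It builds that rule as the IpPermissions structure that EC2's AuthorizeSecurityGroupIngress API (boto3's `ec2.authorize_security_group_ingress`) accepts, then checks which source addresses the rule admits, so the cross-VPC failure from the comment thread shows up as a plain non-match. It goes one step past the answers by taking a list of CIDRs, which is how the peered VPC's range would be added once peering is in place, and by optionally opening ICMP, since `ping` fails without it. The CIDRs, the `sg-` identifier and the instance addresses are constructed sample values; nothing here contacts AWS.

```python
"""Build security-group ingress rules that admit whole VPC CIDR blocks
and check which source addresses they cover.

Added example, not from the original question or answers. All CIDRs,
the security group ID and the instance addresses are constructed sample
values. The IpPermissions layout is the one accepted by EC2's
AuthorizeSecurityGroupIngress API; no AWS call is made here.
"""
from ipaddress import ip_address, ip_network

# Constructed sample values (hypothetical, not from the page)
VPC_CIDR = "10.4.0.0/16"            # the VPC whose instances should be allowed
OTHER_VPC_CIDR = "10.5.0.0/16"      # a second VPC, only reachable after peering
TARGET_SG = "sg-0123456789abcdef0"  # hypothetical ID of the group being created


def vpc_ingress_rules(vpc_cidrs, tcp_ports=(443,), allow_icmp=False):
    """Return an IpPermissions list allowing every address in each CIDR.

    One TCP entry per port, each listing all CIDRs as sources. ICMP is
    not open by default in AWS, so `ping` between instances needs the
    explicit ICMP entry that allow_icmp=True adds.
    """
    # strict=True rejects a CIDR with host bits set, e.g. 10.4.0.1/16
    nets = [ip_network(c, strict=True) for c in vpc_cidrs]
    ranges = [{"CidrIp": str(n), "Description": f"all instances in VPC {n}"}
              for n in nets]
    perms = []
    for port in tcp_ports:
        perms.append({
            "IpProtocol": "tcp",
            "FromPort": port,
            "ToPort": port,
            "IpRanges": list(ranges),
        })
    if allow_icmp:
        # FromPort/ToPort of -1 means all ICMP types and codes
        perms.append({
            "IpProtocol": "icmp",
            "FromPort": -1,
            "ToPort": -1,
            "IpRanges": list(ranges),
        })
    return perms


def source_allowed(perms, src_ip, protocol, port=None):
    """True if some rule in `perms` admits src_ip on protocol (and port).

    Mirrors security-group evaluation: rules are allow-only and any
    matching rule is enough. The instance's own security group plays no
    part here, which is exactly why a CIDR source covers instances in
    several different groups.
    """
    addr = ip_address(src_ip)
    for p in perms:
        if p["IpProtocol"] != protocol:
            continue
        if protocol != "icmp" and not (p["FromPort"] <= port <= p["ToPort"]):
            continue
        if any(addr in ip_network(r["CidrIp"]) for r in p["IpRanges"]):
            return True
    return False


def authorize_call_kwargs(group_id, perms):
    """Keyword arguments for ec2.authorize_security_group_ingress()."""
    return {"GroupId": group_id, "IpPermissions": perms}


if __name__ == "__main__":
    rules = vpc_ingress_rules([VPC_CIDR], tcp_ports=(22, 443), allow_icmp=True)
    # An instance in any security group inside the VPC is covered ...
    print(source_allowed(rules, "10.4.12.7", "tcp", 443))   # True
    # ... but an instance in a different VPC is not: that needs peering
    # plus the peer VPC's CIDR added as a second source.
    print(source_allowed(rules, "10.5.0.9", "tcp", 443))    # False
    peered = vpc_ingress_rules([VPC_CIDR, OTHER_VPC_CIDR], tcp_ports=(443,))
    print(source_allowed(peered, "10.5.0.9", "tcp", 443))   # True
    print(authorize_call_kwargs(TARGET_SG, rules))
```

The `authorize_call_kwargs` result is what you would unpack into `boto3.client("ec2").authorize_security_group_ingress(**kwargs)`; the rest runs offline and doubles as a quick check that a proposed CIDR really covers the instance addresses you expect before the rule is applied.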