
I stumbled across a very challenging issue in AWS and need some help on resolving the problem.

I have 2 AWS EC2 instances (public IPs 34.229.179.42 and 54.89.157.115), both started with the default security_group.

Instance 2 (54.89.157.115) has an application running in port 9300.

1) When I update the security_group to open 9300 for specific IPs, I am able to telnet from one instance to another.

2) When I update the security_group to open 9300 based on security ID, it is not able to telnet.

Any idea why this behavior occurs?

1 Answer


So, the security group belongs to the VPC, i.e. it will be recognized when the traffic is "inside" the VPC.

When you are trying to telnet the public IP 54.89.157.115 from another instance in the same VPC (public IP 34.229.179.42), assuming you have not made any changes in the route table, the traffic will go via the internet gateway (hence over the internet). 34.229.179.42 >> IGW >> 54.89.157.115

Thus, the source IP address will be the public IP 34.229.179.42 and will be denied because there is no allow in the inbound rule.

You should be able to telnet the port using the private IP while using the security group ID as source in the inbound rule.

sudo
  • 2,237
  • 1
  • 9
  • 14
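To make the answer's reasoning concrete, here is a small model of how the inbound rule is evaluated for the two paths described above (public IP via the IGW versus private IP inside the VPC). This is an added illustration, not AWS code and not from the answerer: the public IPs are the ones in the question, while the private IPs (10.0.0.x), the security group id `sg-0000default` and the assumption that the default route table sends public-IP traffic through the IGW are constructed placeholders.

```python
"""Model of EC2 security-group inbound evaluation for the two paths in the answer.

Constructed example. Assumptions (not from the page): private addresses 10.0.0.10/.20,
SG id "sg-0000default", and the default route table, under which traffic to a peer's
public IP leaves via the IGW and arrives with the sender's public IP and no SG identity.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Instance:
    name: str
    private_ip: str
    public_ip: str
    security_groups: FrozenSet[str]  # SG ids attached to the instance's ENI


@dataclass(frozen=True)
class InboundRule:
    port: int
    source_cidr: Optional[str] = None  # rule keyed on a CIDR (question's case 1)
    source_sg: Optional[str] = None    # rule keyed on a security group id (case 2)


def observed_source(src: Instance, dst_ip: str) -> Tuple[str, FrozenSet[str]]:
    """What the destination's security group sees as the source of the flow.

    A private destination keeps the flow on the VPC fabric, which carries the
    sender's SG membership. A public destination goes out through the IGW, so the
    sender is seen only as its public IP with no SG membership attached.
    """
    if ip_address(dst_ip).is_private:
        return src.private_ip, src.security_groups
    return src.public_ip, frozenset()


def rule_matches(rule: InboundRule, port: int, src_ip: str, src_sgs: FrozenSet[str]) -> bool:
    if rule.port != port:
        return False
    if rule.source_cidr is not None and ip_address(src_ip) in ip_network(rule.source_cidr, strict=False):
        return True
    return rule.source_sg is not None and rule.source_sg in src_sgs


def is_allowed(rules: List[InboundRule], src: Instance, dst_ip: str, port: int) -> bool:
    """Security groups are allow-lists: a flow is permitted only if some rule matches."""
    src_ip, src_sgs = observed_source(src, dst_ip)
    return any(rule_matches(r, port, src_ip, src_sgs) for r in rules)


# Constructed sample topology (public IPs from the question; the rest are placeholders).
SG_DEFAULT = "sg-0000default"
INSTANCE_1 = Instance("instance-1", "10.0.0.10", "34.229.179.42", frozenset({SG_DEFAULT}))
INSTANCE_2 = Instance("instance-2", "10.0.0.20", "54.89.157.115", frozenset({SG_DEFAULT}))

RULES_BY_SG = [InboundRule(9300, source_sg=SG_DEFAULT)]           # question's case 2
RULES_BY_IP = [InboundRule(9300, source_cidr="34.229.179.42/32")]  # question's case 1


if __name__ == "__main__":
    for label, rules in (("SG-id rule", RULES_BY_SG), ("IP rule", RULES_BY_IP)):
        for target in (INSTANCE_2.public_ip, INSTANCE_2.private_ip):
            verdict = "allow" if is_allowed(rules, INSTANCE_1, target, 9300) else "deny"
            print(f"{label:10s} -> {target:15s} port 9300: {verdict}")
```

Running it reproduces the behaviour in the question: the SG-id rule allows port 9300 only when instance 1 connects to instance 2's private IP, while the CIDR rule allows the connection to the public IP and (because the source is then seen as 10.0.0.10) denies it to the private one. The practical check on a real instance is to telnet the private IP instead of the public one, and, if that also fails, to confirm the route table has not been changed to send VPC-internal traffic elsewhere.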