0

I have a Jupyter notebook on one EC2 instance that wants to get data from a data service that is deployed on another EC2 instance. Should I put ingress and egress rules for each other on both instances? I'm quite new to the field, so any explanations are appreciated! :)

2 Answers

0

Yes, you can create 2 different security groups and attach to each one.

You can allow inbound traffic from a particular security group; all instances that have the security group attached can send traffic to the instance on the port you specify.

Another important thing to notice is that security groups are stateful: when you set outbound rules, the response traffic is allowed regardless of the inbound rules.

Erico
0

Security Group Outbound rules allow all traffic by default. Typically, you should not modify these settings.

The best way to configure your setup is:

  • Create a Jupyter-SG security group and associate it with your Jupyter EC2 instance. Add whatever rules you use to connect with the instance (e.g. SSH).
  • Create a Data-SG security group and associate it with your "Data Service" EC2 instance. Add a rule permitting inbound access on the desired port, with Source set to the Security Group ID of Jupyter-SG.

This tells the Data-SG security group to permit inbound access from the Jupyter instance (or, more accurately, from any instance that is associated with the Jupyter-SG security group).

John Rotenstein
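
The two-group setup described in the answer above, written as a CloudFormation template. This is an added example, not part of the original answers; the parameter names, the SSH source CIDR and the port default are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Jupyter-SG and Data-SG, with Data-SG admitting only members of Jupyter-SG

Parameters:            # all three parameters are assumptions for this example
  VpcId:
    Type: AWS::EC2::VPC::Id
  AdminCidr:
    Type: String
    Description: CIDR you connect from over SSH, e.g. 203.0.113.10/32 (constructed value)
  DataPort:
    Type: Number
    Default: 8080      # placeholder; use the port your data service listens on

Resources:
  JupyterSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: Jupyter-SG
      GroupDescription: Attached to the Jupyter EC2 instance
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
      # No SecurityGroupEgress: the default allow-all outbound rule stays in place,
      # so the notebook can open connections to the data service.

  DataSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: Data-SG
      GroupDescription: Attached to the Data Service EC2 instance
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref DataPort
          ToPort: !Ref DataPort
          # Source is a security group ID, not a CIDR: any instance associated
          # with Jupyter-SG may connect; no other source is admitted by this rule.
          SourceSecurityGroupId: !GetAtt JupyterSG.GroupId
      # Responses to the notebook need no rule on either side: security groups
      # are stateful, so return traffic of an allowed connection is permitted.
```

Jupyter-SG gets no inbound rule for the data service, and Data-SG gets no extra outbound rule; the single inbound rule on Data-SG is the only rule the notebook-to-service connection depends on.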