1

I have recently added a ALB for 2 instances in EC2.

I want to make the ALB and EC2 instances to be private so I added the security group for each services.

What I did is that I added the IP Addresses in HTTPS of the EC2 instances in the ALB sg. vice versa in the EC2 sg.

In Route 53. I made a subdomain to link in the DNS name of ALB.

I tried to test it first using sg that is public and it works fine and can access the EC2 application. But after I tried to set the sg for both the ALB and EC2. When I test it, It can't access it.

Where did I go wrong?

Richard Vergis
  • 1,037
  • 10
  • 20

1 Answers1

1

A security group can allow traffic from a CIDR range of IP addresses, or from another Security Group. Thus, you should configure the following Security Groups:

  • ALB-SG: Allow HTTP/S from 0.0.0.0/0 (if you want it open to the world). Associate it with the ALB.
  • App-SG: Allow HTTP from ALB-SG. Associate it with your EC2 instances (or Auto Scaling group Launch Configuration).

The Application Security Group (App-SG) is thus permitting incoming traffic from the Load Balancer. Or, more specifically, from any resource that is associated with ALB-SG.

Route 53 should have a CNAME record pointing your desired domain name to the DNS Name of the Load Balancer.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470