
I have an application running at port 9001 in the private EC2 instance.

I have a web server running in the public subnet. The subnets and the routing table with IGW and NAT Gateways are set up properly.

I have security groups defined for each instance.

Web Server SG:

Inbound: Webserver Inbound

App server SG:

Inbound: Allowed all traffic from web Server SG

The application is listening on port 9001. So do I need to explicitly mention port 9001 in the Web server SG, and then the Application server will send the traffic to the web server?

Or do I need to explicitly allow traffic from the private EC2 instances, like outbound rules?

Jwary
  • Are you simply asking for confirmation on how to set this up before testing it, or are you saying that you've set it up as described above and it doesn't work? – jarmod Mar 28 '22 at 13:52
  • Yes, I did set it up. When I hit HTTP://public IP:9001 I am not getting any response. – Jwary Mar 28 '22 at 13:55
  • If I understand, you don't have a public EC2 instance listening on port 9001. Your private app server listens on 9001 and your public web server appears to listen on 22, 80, and 443. – jarmod Mar 28 '22 at 13:58
  • Yeah. I did try that above. Also on the private app server I allowed all ports from anywhere (0.0.0.0/0). Even this did not work. – Jwary Mar 28 '22 at 14:24
  • It might help for you to explain how this application is designed to operate. Typically, I'd expect the user to hit a web server at a public IP on port 443 and for the web server to reach the private application server on some custom port (9001 in your case). So the web server SG should allow ingress from the client IP (or 0.0.0.0/0) on 443 and the app server SG should allow ingress from the web server SG on 9001. SGs are stateful so you don't need any SG rules for the response path. – jarmod Mar 28 '22 at 14:38
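The layout jarmod describes in the last comment, written out as Terraform for the AWS provider (v5). This is an added example, not configuration from the question or from either commenter; it assumes the VPC already exists and its id is supplied as `var.vpc_id`, and it splits the rules into separate resources so the two groups can reference each other without a dependency cycle.

```hcl
# Added example: web tier open on 443 to clients, app tier open on 9001
# to the web SG only. Assumed: var.vpc_id holds the id of an existing VPC.

resource "aws_security_group" "web" {
  name   = "web-sg"
  vpc_id = var.vpc_id
}

resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = var.vpc_id
}

# Clients reach the web tier on 443 only; nothing opens 9001 to the internet,
# which is why hitting the public IP on 9001 directly gets no response.
resource "aws_vpc_security_group_ingress_rule" "web_https" {
  security_group_id = aws_security_group.web.id
  description       = "HTTPS from clients"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_ipv4         = "0.0.0.0/0"
}

# The web tier may initiate connections to the app tier on 9001 (least
# privilege: no blanket allow-all egress on the web instances).
resource "aws_vpc_security_group_egress_rule" "web_to_app" {
  security_group_id            = aws_security_group.web.id
  description                  = "To app tier on 9001"
  ip_protocol                  = "tcp"
  from_port                    = 9001
  to_port                      = 9001
  referenced_security_group_id = aws_security_group.app.id
}

# Only members of the web SG may reach 9001. The source is an SG reference,
# not a CIDR, so it follows the web instances whatever their private IPs are.
resource "aws_vpc_security_group_ingress_rule" "app_from_web" {
  security_group_id            = aws_security_group.app.id
  description                  = "App port from web tier only"
  ip_protocol                  = "tcp"
  from_port                    = 9001
  to_port                      = 9001
  referenced_security_group_id = aws_security_group.web.id
}

# No rule is needed for the reply traffic in either direction: security
# groups are stateful, so return packets of an allowed connection pass.
```

If the app instances must reach the NAT Gateway themselves (package updates, for instance), add an explicit `aws_vpc_security_group_egress_rule` on `app-sg` the same way; defining `aws_security_group` without inline rules removes the default allow-all egress.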

0 Answers