Questions tagged [aws-security-group]

Amazon EC2 Security Groups

A security group acts as a virtual firewall that controls the traffic for one or more EC2 instances. When you launch an instance, you associate one or more security groups with it.

See Amazon EC2 Security Groups

820 questions
3 votes, 0 answers

AWS RDS: how to control public accessibility through security groups?

I have an RDS in a public subnet in my default VPC. It's set to "Public accessibility: Yes". Its VPC security groups allow inbound access from a couple of CIDR blocks (basically, our office and VPN IPs) and a Lambda function. I can connect to this…
Wintermute
3 votes, 1 answer

Connect to RDS in a different region from EC2 instance

So I have a primary RDS in us-east-1 & a replica in us-west-1. Both are inside VPCs in their respective regions. I want to have one of my EC2 instances in us-east-1 connect to the replica instance. A simple solution is to enable public access for…
3 votes, 1 answer

Security group does not appear to belong to the same VPC as the input subnets

This is my terraform file to create a Fargate ECS service. variable "aws_region" { } variable "flavor" { } # test or prod variable "task_worker_service_name" { } variable "task_cpu" {} variable "task_memory" {} variable "az_count" {} terraform { …
3 votes, 2 answers

Why is AWS NACL stateless?

From what I read, stateless firewalls are used more for packet filtering. Why is AWS NACL stateless? NACLs force too big a range of ports to be opened for the ephemeral ports. Is there a way to create stateful firewalls on AWS other than Security…
user6317694
3 votes, 3 answers

Using an AWS Network ACL versus an SG for access control?

I have an Ubuntu EC2 instance running on AWS. I have always used the Network ACL to control access to port 22 instead of using Security Groups. Question 1: For the use case of a single EC2 instance, are there any pros and cons between using a NACL…
3 votes, 1 answer

AWS EC2 Security group permissions for Network Load Balancer

I have been working on securing my AWS infrastructure and faced a difficulty when it comes to the Network Load Balancer and Target Groups. Below is the problem. I have an ECS cluster running on EC2 resources. All containers are managed by a Task…
3 votes, 1 answer

AWS EC2 Security group access itself via HTTP

The default AWS security group references itself in the Source field implying that the instance can communicate with itself: However, being logged in to the instance over SSH and trying to curl it by the DNS name resolving to the public instance's…
super.t
3 votes, 1 answer

The security group does not exist in default VPC

I am launching a p2.xlarge instance via CloudFormation, but sometimes it fails with the error "The security group does not exist in default VPC" (not always). I think it could be a race condition. Here is my CloudFormation…
3 votes, 0 answers

AWS create-cache-cluster - security group id not recognized

I tried to create an ElastiCache cluster using the AWS CLI and faced an error. The security group id that I use is my account's default security group id and I see it exists in the AWS console. Not sure why it is erring out. user$ aws elasticache…
auhuman
3 votes, 1 answer

Find CodePipeline CIDR to add it to EC2 Security Group inbound rules

We are using AWS CodePipeline and at the build step we want to call an API hosted on an EC2 instance. That EC2 instance has a security group with some inbound rules. Is there any way to find out the CIDR of the CodeBuild docker fleet, so we can add it…
user2534830
3 votes, 3 answers

AWS: How to allow all TCP traffic between all instances in same VPC?

I am setting up EMR clusters on demand, and have a Windows EC2 server as a workstation, and a Linux EC2 server as a secondary server. All in the same VPC. I would like to avoid having to set security group rules each time an instance comes up with…
Atari2600
3 votes, 1 answer

How to configure AWS internet facing LB SecurityGroup for internal and external requests

I'm having a hard time figuring out how to set the correct SecurityGroup rules for my LoadBalancer. I have made a diagram to try and illustrate this problem, please take a look at the image below: I have an internet facing LoadBalancer ("Service A…
3 votes, 2 answers

Force AWS EC2 Instance to Use Private IP for Local Traffic

Forgive me if this question is off-topic for this community; I couldn't find a more appropriate one and StackOverflow has always come through when I need it! I am trying to set up a bastion host with Amazon EC2. I want the only way to connect to…
Rabadash8820
3 votes, 1 answer

How to create ElasticBeanstalk environment with non-public load balancer with Terraform

I am setting up the AWS infrastructure using Terraform. One of the components is an ElasticBeanstalk application/environment with a load balancer and auto-scaling group. I don't want to expose the endpoint to the entire Internet but just to a limited list of…
3 votes, 1 answer

Create AWS EC2 security group open only to internal VPC instances and a single external service

I have a single Elastic Beanstalk instance which functions as the Admin dashboard rendering HTML templates and data fed from the database. This and the database are within a specific VPC. Also within the VPC I have another single instance Elastic…