amazon-web-servicesamazon-ec2aws-security-group
EC2 Security Group inbound rule not working as expected
I have an instance that hosts a mongodb service and I am trying to allow incoming traffic for port 27017 from an autoscaling group of instances. I am adding the security group (that has the AG instances) I want to access the specific instance, but I see it times out.
Inbound rule:
I have tried allowing a specific address or 0.0.0.0 and it works. Only when I am specifying the security group id it doesn't work.
Any help on this highly appreciated.
Solution
Assuming that you also have a Load Balancer, you would want three security groups:
- ELB-SG: Allow incoming web traffic as appropriate (eg 80, 443). Associate it with the Load Balancer.
- App-SG: Allow incoming traffic from ELB-SG. Associate it with the Auto Scaling Group, which will automatically assign it to the instances launched via Auto Scaling.
- Mongo-SG: Allow incoming traffic from App-SG on port 27017. Associate it with the instance running Mongo.
Basically, have the security groups reference another Security Group and they will automatically accept traffic from instances associate with that other security group.
- How to use MFA with AWS CLI?
- How do I get the URL for the item using the Amazon API
- How to make links work with exported sites when hosted on AWS Cloudfront?
- Error launching CloudFormation Template for CloudHSM
- Glacier as Resource in CloudFormation template?
- how to secure keys for API calls from android device to amazon services
- Why is this IAM policy denying access with an MFA session?
- AWS Lambda Function Trigger API Gateway Issue
- GetMyFeesEstimate API Amazon vba
- AWS Cloudformation !Ref SecurityGroup returns an invalid ID
- How to set up AWS Client VPN with Keycloak as IdP
- How to view/identify which process taking how much memory?
- using bottlenose in python to extract product price from Amazon in different locale
- Unable to delete cfn stack, role is invalid or cannot be assumed
- How to Set Up Account Linking for a Skill using Alexa API from Amazon?
- GitHub actions "aws: not found" error on ubuntu-latest with Godot CI
- Download file from S3 to Rails 4 app
- Cloudfront (CDN) with Internal Application Load Balancer
- Connecting private load balancer to cloud front distribution?
- Request to Amazon API with delphi : Got HTTP/1.1 403 Forbidden
- Amazon QuickSight Connects Over Internet Instead of VPC to Public Redshift Cluster
- Shift Lambda infrastructure to ECS
- IAM policy to allow EC2 instance API access only to modify itself
- How to match these 2 tables?
- What is the best way of getting files from AWS S3, inserting them into zip and uploading that zip to the bucket?
- What does this mean? An error occurred (SignatureDoesNotMatch) when calling the GetCallerIdentity operation: Signature expired
- AWS ElastiCache in cluster mode has no Primary / Reader endpoints
- How to query: filtering on multiple primary partition keys and range on primary sort key
- How can I get boto3 script to run as a Lambda function?
- Testing AWS CDK Applications Locally