Tags: amazon-web-services, amazon-ec2, kubernetes, amazon-eks, aws-security-group

How to add rules to allow traffic on some port range for nodePort on aws EKS?


My exposed service on nodePort seems to not allow traffic through it.

So how do I add rules to allow traffic for that port range from the CLI, not the console?


Solution

  • EC2 Security groups

    There is a security group on your screen.

    See more about security groups:

    CLI for AWS Security groups

    As for CLI for working with AWS Security groups, see this article: Creating, Configuring, and Deleting Security Groups for Amazon EC2 - AWS Command Line Interface

    $ aws ec2 create-security-group --group-name my-sg --description "My security group" --vpc-id vpc-1a2b3c4d
    {
        "GroupId": "sg-903004f8"
    }
    
    $ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 3389 --cidr 203.0.113.0/24
    

    The following command adds another rule to enable SSH to instances in the same security group.

    $ aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 22 --cidr 203.0.113.0/24
    

    To view the changes to the security group, run the describe-security-groups command.

    $ aws ec2 describe-security-groups --group-ids sg-903004f8
    

    Output:

    {
        "SecurityGroups": [
            {
                "IpPermissionsEgress": [
                    {
                        "IpProtocol": "-1",
                        "IpRanges": [
                            {
                                "CidrIp": "0.0.0.0/0"
                            }
                        ],
                        "UserIdGroupPairs": []
                    }
                ],
                "Description": "My security group",
                "IpPermissions": [
                    {
                        "ToPort": 22,
                        "IpProtocol": "tcp",
                        "IpRanges": [
                            {
                                "CidrIp": "203.0.113.0/24"
                            }
                        ],
                        "UserIdGroupPairs": [],
                        "FromPort": 22
                    }
                ],
                "GroupName": "my-sg",
                "OwnerId": "123456789012",
                "GroupId": "sg-903004f8"
            }
        ]
    }
    

    P.S. awless.io - A Mighty CLI for AWS

    There is also a bit outdated but still convenient CLI tool: wallix/awless: A Mighty CLI for AWS

    A Mighty CLI for AWS http://awless.io/

    Here is the Medium post about it.
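An added example, not code from the answer above nor from AWS documentation, that applies the same `authorize-security-group-ingress` call to the Kubernetes NodePort range (30000-32767 by default on EKS) instead of a single port. It is a POSIX shell script that checks the port range and the source CIDR before printing, or with `DRY_RUN=0` executing, the commands, and it also prints the `aws eks describe-cluster` call that returns the cluster security group id. The security group id `sg-903004f8` (borrowed from the answer as a sample value), the `203.0.113.0/24` source range and the cluster name are placeholders; the script assumes AWS CLI v2 is installed and configured.

```shell
#!/bin/sh
# Added example (not part of the original answer): open the Kubernetes NodePort
# range on an EKS node security group from the AWS CLI, dry-run by default.
# Assumed values: the sg id, source CIDR and cluster name are placeholders.

NODEPORT_MIN=30000   # EKS default kube-apiserver --service-node-port-range
NODEPORT_MAX=32767

# is_uint N: true when N is a non-empty string of digits.
is_uint() { case "$1" in '' | *[!0-9]*) return 1 ;; esac; }

# validate_range FROM TO: both numeric, FROM <= TO, inside the NodePort range.
validate_range() {
  is_uint "$1" && is_uint "$2" || return 1
  [ "$1" -le "$2" ] && [ "$1" -ge "$NODEPORT_MIN" ] && [ "$2" -le "$NODEPORT_MAX" ]
}

# check_cidr CIDR: require an IPv4 CIDR with a /0-/32 prefix length and refuse
# the wide-open 0.0.0.0/0 unless ALLOW_ANY=1 is set explicitly. NodePorts are
# reachable on every node's address, so keep the source range as narrow as
# the load balancer or client subnet that actually needs them.
check_cidr() {
  case "$1" in
    */[0-9] | */[12][0-9] | */3[0-2]) ;;
    *) return 1 ;;
  esac
  [ "$1" != "0.0.0.0/0" ] || [ "${ALLOW_ANY:-0}" = "1" ]
}

# cluster_sg_cmd CLUSTER: print the command that returns the EKS cluster
# security group id (attached to managed node group nodes; self-managed node
# groups may use their own SG, which is then the one to change).
cluster_sg_cmd() {
  printf 'aws eks describe-cluster --name %s --query cluster.resourcesVpcConfig.clusterSecurityGroupId --output text\n' "$1"
}

# ingress_cmd SG CIDR FROM TO: print the authorize command for the port range.
# The CLI's --port option accepts a min-max range, not only a single port.
ingress_cmd() {
  validate_range "$3" "$4" || { echo "bad port range: $3-$4" >&2; return 1; }
  check_cidr "$2"          || { echo "refusing source CIDR: $2" >&2; return 1; }
  printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port %s-%s --cidr %s\n' "$1" "$3" "$4" "$2"
}

# describe_cmd SG FROM: print a describe command whose JMESPath query returns
# only the rules starting at FROM, so the new rule is easy to verify.
describe_cmd() {
  printf "aws ec2 describe-security-groups --group-ids %s --query 'SecurityGroups[0].IpPermissions[?FromPort==\`%s\`]'\n" "$1" "$2"
}

# apply SG CIDR FROM TO: print the commands (DRY_RUN=1, the default) or run them.
apply() {
  cmd=$(ingress_cmd "$1" "$2" "$3" "$4") || return 1
  verify=$(describe_cmd "$1" "$3")
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n%s\n' "$cmd" "$verify"
  else
    sh -c "$cmd" && sh -c "$verify"
  fi
}

# Runs only when a security group id is supplied, e.g.
#   NODEPORT_SG=sg-903004f8 NODEPORT_CIDR=203.0.113.0/24 sh nodeport-sg.sh
#   DRY_RUN=0 NODEPORT_SG=sg-903004f8 NODEPORT_CIDR=203.0.113.0/24 sh nodeport-sg.sh
[ -z "${NODEPORT_SG:-}" ] || apply "$NODEPORT_SG" "${NODEPORT_CIDR:-203.0.113.0/24}" \
  "${NODEPORT_FROM:-$NODEPORT_MIN}" "${NODEPORT_TO:-$NODEPORT_MAX}"
```

Run it once without `DRY_RUN=0` and read the two printed commands before applying them; the describe command's query returns an empty list until the rule exists, which makes it a cheap before/after check. If you only expose a few NodePorts, pass `NODEPORT_FROM` and `NODEPORT_TO` for just that sub-range rather than the whole 30000-32767 block.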