Correct security group egress for CodeDeploy-ing to EC2 instances

0

Hello everyone,

We're using CodeDeploy to deploy to EC2 instances. We've installed the CodeDeploy Agent onto the AMI, which is based on AL2023.

Until recently, the security group assigned to the EC2s would allow egress of all traffic to all ports. We want this to be a more sensible config, but can't find which ports and which IPs to configure egress to, so that CodeDeploy still works. CodeDeploy documentation specifies SSH & RDP ports, and alongside these we added 443, but the CodeDeploy Agent can't communicate with the service.

Has anyone here figured out what ports CodeDeploy needs?

Thank you in advance for your help!

2 Answers
0

Hello.

Have you checked the CodeDeploy Agent logs?
The CodeDeploy Agent should be communicating with the CodeDeploy endpoint over HTTP and HTTPS, so the security group's outbound rules must allow HTTP and HTTPS.
https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-view-logs.html

EXPERT
answered 6 months ago
0

Instantly I'm thinking you need to allow outbound DNS requests, UDP/TCP port 53.

Could it be a resolution problem rather than a connectivity one?

Other than that it will need port 443 outbound also to connect to the HTTPS endpoints and S3.

EXPERT
answered 6 months ago
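As an added example (not from the thread or from AWS), here is a small offline audit that checks a security group's egress rules against the minimum the two answers above name: TCP 443 outbound for the agent's HTTPS calls and S3 downloads, and UDP/TCP 53 for DNS. It reads rules in the `IpPermissionsEgress` shape that `aws ec2 describe-security-groups` returns, so real output can be pasted in. The three rule sets are constructed samples: the old allow-all default, the asker's SSH/RDP/443 set, and a tightened set that scopes DNS to the VPC-provided resolver (the VPC CIDR base address plus 2, e.g. 10.0.0.2 for 10.0.0.0/16). Function names are mine.

```python
"""Offline audit of EC2 security group egress rules for a CodeDeploy agent host.
Added example; rule sets below are constructed, not real account data."""
import ipaddress

# Minimum outbound rules named in the answers: HTTPS for the agent and S3, DNS for resolution.
REQUIRED = [("tcp", 443), ("udp", 53), ("tcp", 53)]


def rule_allows(rule, proto, port):
    """True if one egress rule permits proto/port (IpProtocol "-1" means all traffic)."""
    ip_proto = rule["IpProtocol"]
    if ip_proto == "-1":
        return True
    if ip_proto != proto:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def rule_covers(rule, addr):
    """True if any IPv4 CIDR on the rule contains addr."""
    return any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", []))


def is_allow_all(rule):
    """The default 'all traffic to 0.0.0.0/0' egress rule the asker wants to retire."""
    return rule["IpProtocol"] == "-1" and any(
        r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", [])
    )


def audit_egress(rules, vpc_cidr):
    """Report required ports that no rule allows, whether DNS can reach the VPC
    resolver (VPC CIDR base + 2), and whether an allow-all rule is still present."""
    resolver = ipaddress.ip_network(vpc_cidr, strict=False)[2]
    missing = [f"{p}/{n}" for p, n in REQUIRED
               if not any(rule_allows(r, p, n) for r in rules)]
    dns_to_resolver = any(
        rule_allows(r, p, 53) and rule_covers(r, resolver)
        for r in rules for p in ("udp", "tcp")
    )
    return {
        "resolver": str(resolver),
        "missing": missing,
        "dns_to_resolver": dns_to_resolver,
        "allow_all": any(is_allow_all(r) for r in rules),
    }


# Constructed sample rule sets (IpPermissionsEgress shape).
ALLOW_ALL = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

# The asker's attempt: SSH, RDP and 443, but nothing for DNS.
SSH_RDP_HTTPS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Tightened set for a 10.0.0.0/16 VPC: HTTPS out, DNS only to the VPC resolver, no allow-all.
TIGHTENED = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.2/32"}]},
    {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.2/32"}]},
]

if __name__ == "__main__":
    for name, rules in (("allow-all", ALLOW_ALL), ("ssh-rdp-https", SSH_RDP_HTTPS),
                        ("tightened", TIGHTENED)):
        print(name, audit_egress(rules, "10.0.0.0/16"))
```

Run it against `aws ec2 describe-security-groups --group-ids sg-... --query 'SecurityGroups[0].IpPermissionsEgress'` output and the VPC's CIDR. The asker's set reports `udp/53` and `tcp/53` as missing, which matches the second answer's suspicion; the tightened set reports nothing missing and no allow-all. The 443 rule still has to reach public endpoints unless the VPC uses interface endpoints for CodeDeploy and a gateway endpoint (prefix list) for S3, in which case the destination can be narrowed further.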
