How do I restrict access to SSH port 22 in my Elastic Beanstalk instance security group to a specific CIDR or security group?


I configured an AWS Elastic Beanstalk environment with an Amazon Elastic Compute Cloud (Amazon EC2) key pair. The instance security group opened SSH port 22 to the internet (0.0.0.0/0). I want to restrict SSH access to a specific CIDR or a security group in the Elastic Beanstalk instance.

Resolution

Note: Elastic Beanstalk uses AWS CloudFormation to manage resources. If you manually change an Amazon EC2 instance outside of CloudFormation, then errors might occur.

To restrict access to a specific CIDR range or security group, configure the following settings.

Restrict SSH access to a specific CIDR range

Complete the following steps:

  1. Create a config file that has the following settings:

    option_settings:
      aws:autoscaling:launchconfiguration:
        SSHSourceRestriction: tcp, 22, 22, my-cidr-range

    Note: Replace my-cidr-range with your CIDR range.

  2. Move the file to the .ebextensions folder in the root of the application source bundle:

    .ebextensions/SSHSourceRestriction.config

  3. Deploy the source bundle to the environment.

Restrict SSH access to a specific security group

Complete the following steps:

  1. Create a config file that has the following settings:

    option_settings:
      aws:autoscaling:launchconfiguration:
        SSHSourceRestriction: tcp, 22, 22, my-security-group

    Note: Replace my-security-group with your security group name.

  2. Move the file to the .ebextensions folder in the root of the application source bundle:

    .ebextensions/SSHSourceRestriction.config

  3. Deploy the source bundle to the environment.
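As an added example (not part of this AWS article), the following Python helper renders the .ebextensions file for either kind of source described in the two procedures above, refuses a world-open CIDR for port 22, and audits a security group (in the shape returned by `aws ec2 describe-security-groups`) for port 22 rules open to 0.0.0.0/0 or ::/0. The sample group below is constructed; the security group ID format check is an assumption about what the option accepts.

```python
"""Added example: build the SSHSourceRestriction setting and audit a security
group for world-open SSH. SAMPLE_GROUP is constructed, not real AWS output."""
import ipaddress
import re

WORLD = {"0.0.0.0/0", "::/0"}
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")  # assumed security group ID shape


def ssh_source_restriction(source: str) -> str:
    """Return the SSHSourceRestriction value for a CIDR or a security group ID.
    Raises ValueError for a malformed CIDR or for a /0, which would recreate
    the exposure the article is fixing."""
    if SG_ID_RE.match(source):
        return f"tcp, 22, 22, {source}"
    net = ipaddress.ip_network(source, strict=True)  # rejects host bits set
    if net.prefixlen == 0:
        raise ValueError("refusing a world-open CIDR for port 22")
    return f"tcp, 22, 22, {net.with_prefixlen}"


def ebextensions_config(source: str) -> str:
    """Render the content of .ebextensions/SSHSourceRestriction.config."""
    return ("option_settings:\n"
            "  aws:autoscaling:launchconfiguration:\n"
            f"    SSHSourceRestriction: {ssh_source_restriction(source)}\n")


def world_open_ssh_rules(group: dict) -> list:
    """Return ingress permissions of one security group that expose TCP/22
    to 0.0.0.0/0 or ::/0 (protocol -1 with no ports means all traffic)."""
    hits = []
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") not in ("tcp", "-1"):
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if not lo <= 22 <= hi:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if WORLD & set(cidrs):
            hits.append(perm)
    return hits


# Constructed sample: the situation the article describes (22 open to all).
SAMPLE_GROUP = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}

if __name__ == "__main__":
    print(ebextensions_config("203.0.113.0/24"))
    print("world-open SSH rules:", len(world_open_ssh_rules(SAMPLE_GROUP)))
```

Feed the audit function one element of the `SecurityGroups` list from the CLI output to check the environment's instance security group after deployment.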

Related information

elastic-beanstalk-samples on the GitHub website

AWS OFFICIAL, updated 17 days ago