Security Group for EC2 on public subnet for Code Deploy

Question

For EC2 on public subnet, my security group is only allow ssh, http, https, and tcp:3000, from vpc local network.
Would this security group work with code deploy? My VPC also has an public ALB

Accepted Answer

Hello.

It works.  
If you confirm that HTTP and HTTPS are allowed in the security group's outbound rules, communication from EC2's CodeDeploy Agent to CodeDeploy is possible, so it should work.  
https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-ec2-create.html  
> In a production environment, we recommend restricting access to the SSH, RDP, and HTTP ports, instead of specifying Anywhere 0.0.0.0/0. CodeDeploy does not require unrestricted port access and does not require HTTP access. For more information, see [Tips for securing your Amazon EC2 instance](https://aws.amazon.com/articles/tips-for-securing-your-ec2-instance/).

Security Group for EC2 on public subnet for Code Deploy

관련 콘텐츠