How to set up an EC2 Security Group to allow inbound traffic on a port from the API Gateway only

0

Background:

  • EC2 instances hosting a REST API microservice
  • A Network Load Balancer that fronts the EC2 instances with a port 443 Listener that has an ACM issued Private SSL cert installed on it
  • I have created a VPC link to that NLB.
  • Created an instance of the API Gateway and defined a method on it.

Everything is working fine. I need help with creating a Security Group rule that only allows inbound traffic from the API Gateway on the EC2 port where the API Microservice is exposed. How can I go about doing that?

Will appreciate any help with this issue.

2 Answers
0
AWS
answered a year ago
0

You can try to turn off the Preserve IP option of the NLB Target Group. If you turn off the option, the NLB will translate the source IP to the NLB's IP. It means that you can allow inbound traffic using a security group rule with the NLB's IP. I didn't test this but I think it should work.

AWS
answered a year ago
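The approach in the answer above, sketched with boto3 as an added example (not code from the original post or from AWS): disable client IP preservation on the target group, look up the NLB's private addresses from its network interfaces, and allow only those addresses on the service port. The ARN, the addresses and port 8443 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

def nlb_eni_description(nlb_arn):
    """NLB-owned ENIs are described as 'ELB net/<name>/<id>' (the ARN's tail)."""
    suffix = nlb_arn.split(":loadbalancer/", 1)[1]
    if not suffix.startswith("net/"):
        raise ValueError("not a Network Load Balancer ARN")
    return "ELB " + suffix

def nlb_private_ips(describe_enis_response):
    """Unique private IPs from a describe_network_interfaces response."""
    ips = {eni["PrivateIpAddress"]
           for eni in describe_enis_response["NetworkInterfaces"]}
    return sorted(ips, key=ipaddress.ip_address)

def ingress_permissions(ips, port):
    """One TCP rule on `port`, with a /32 source per NLB address."""
    if not ips:
        raise ValueError("no NLB addresses found; refusing to build an empty rule")
    return [{
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": f"{ip}/32", "Description": "NLB node"}
                     for ip in ips],
    }]

def apply(nlb_arn, target_group_arn, instance_sg_id, port):
    import boto3  # imported here so the helpers above run offline
    elbv2, ec2 = boto3.client("elbv2"), boto3.client("ec2")
    # With preservation off, targets see the NLB's private IP as the source.
    elbv2.modify_target_group_attributes(
        TargetGroupArn=target_group_arn,
        Attributes=[{"Key": "preserve_client_ip.enabled", "Value": "false"}])
    enis = ec2.describe_network_interfaces(
        Filters=[{"Name": "description",
                  "Values": [nlb_eni_description(nlb_arn)]}])
    ec2.authorize_security_group_ingress(
        GroupId=instance_sg_id,
        IpPermissions=ingress_permissions(nlb_private_ips(enis), port))

# Constructed sample values, not taken from the question.
SAMPLE_ARN = ("arn:aws:elasticloadbalancing:us-east-1:111122223333:"
              "loadbalancer/net/example-nlb/0123456789abcdef")
SAMPLE_ENIS = {"NetworkInterfaces": [{"PrivateIpAddress": "10.0.2.15"},
                                     {"PrivateIpAddress": "10.0.1.20"}]}

if __name__ == "__main__":
    print(nlb_eni_description(SAMPLE_ARN))
    print(ingress_permissions(nlb_private_ips(SAMPLE_ENIS), 8443))
```

The resulting rule admits whatever reaches the instances through the NLB, including its health checks when they use the same port; it does not identify API Gateway itself.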
