By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Correct security group egress for CodeDeploy-ing to EC2 instances

0

Hello everyone,

We're using CodeDeploy to deploy to EC2 instances. We've installed the CodeDeploy Agent onto the AMI, which is based on AL2023.

Until recently, the security group assigned to the EC2s would allow egress all traffic to all ports. We want this to be a more sensible config, but can't find which ports and to which IPs to configure egress, so that CodeDeploy still works. CodeDeploy documentation specifies SSH & RDP ports, and alongside these we added 443, but the CodeDeploy Agent can't communicate with the service.

Has anyone here figured out what ports CodeDeploy needs?

Thank you in advance for your help!

Topics
Developer ToolsComputeNetworking & Content Delivery
Tags
AWS CodeDeployAmazon EC2Security Group
Language
English
Dan Iosif
asked 6 months ago246 views
2 Answers
0

Hello.

Have you checked the CodeDeploy Agent logs?
The CodeDeploy Agent should be communicating with the CodeDeploy endpoint over HTTP and HTTPS, so the security group's outbound rules must allow HTTP and HTTPS.
https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-view-logs.html

profile picture
EXPERT
Riku_Kobayashi
answered 6 months ago
0

Instantly im thinking you need to allow outbound DNS requests UDP/TCP port 53..

Could it be a resolution problem than connectivity?

Other than that it will need port 443 outbound also to connect to the HTTPS endpoints and S3.

profile picture
EXPERT
Gary Mclean
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content