- Newest
- Most votes
- Most comments
You can have multple rules (or even multiple security groups if necessary) for the same port with different source IP. Would that solve your problem?
Are the hosts hosts are dynamically provisioned, through autoscaling or similar? In the User Data of the Launch Template associated with the autoscaling group, the newly-created instance can add its IP to the security group.
It may be smarter to configure a lifecycle hook that invokes a lamdba function to add the IP to the rule when an instance is provisioned, and can also remove the IP from the rule when an instance is terminated https://docs.aws.amazon.com/autoscaling/ec2/userguide/tutorial-lifecycle-hook-lambda.html
There is a soft limit on the number of rules in a security group, this can be increased https://repost.aws/knowledge-center/increase-security-group-rule-limit
Relevant content
- asked 5 years ago
- asked 2 years ago
- Accepted Answerasked 2 years ago
AWS OFFICIALUpdated 23 days ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
I do understand that solution. However I can only make a new security group when creating the instance. For having 60 arduinos in the end, I could find all their IPs then create an instance but that process would be backwards from what I want but would be more secure that having the port open to Anywhere (ie. 0.0.0.0).
Is there a way to add a security group rule after its been created? If so then this might be a possible work around to the problem, although it's not my first choice.
Sure, you can create security groups independently of instances, and also edit rules of existing groups.
You can automate it with IAC or AWS SDK, Python etc Is username/password not secure enough on Node Red?