security group rule with multiple IPs

0

Hello,

I am using an EC2 instance to run a node-red server. An Aedes broker for Node red runs on port 1883, which is used with MQTT to connect arduinos to the internet. I need to create a new security group rule with port 1883. However the issue is with the IP. For security reasons I don't want to have the access as Anywhere (ie. 0.0.0.0) because then it can get hacked. I also can't use ONE custom IP because there will be multiple arduinos with different IPs that need to connect through that port to connect to the broker and only one arduino would be able to connect in that case.

If anyone has any solution please let me know! G.

Galamex
asked a month ago127 views
2 Answers
0

You can have multple rules (or even multiple security groups if necessary) for the same port with different source IP. Would that solve your problem?

profile picture
EXPERT
Kallu
answered a month ago
profile picture
EXPERT
reviewed a month ago
0

Are the hosts hosts are dynamically provisioned, through autoscaling or similar? In the User Data of the Launch Template associated with the autoscaling group, the newly-created instance can add its IP to the security group.

It may be smarter to configure a lifecycle hook that invokes a lamdba function to add the IP to the rule when an instance is provisioned, and can also remove the IP from the rule when an instance is terminated https://docs.aws.amazon.com/autoscaling/ec2/userguide/tutorial-lifecycle-hook-lambda.html

There is a soft limit on the number of rules in a security group, this can be increased https://repost.aws/knowledge-center/increase-security-group-rule-limit

profile picture
EXPERT
Steve_M
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions