How to set up an EC2 Security Group to only allow inbound traffic on a port from the API Gateway



  • EC2 instances hosting a REST API microservice
  • A Network Load Balancer that fronts the EC2 instances with a port 443 listener that has an ACM-issued private SSL cert installed on it
  • I have created a VPC link to that NLB.
  • Created an instance of the API Gateway and defined a method on it.

Everything is working fine. I need help with creating a Security Group rule that only allows inbound traffic from the API Gateway on the EC2 port where the API Microservice is exposed. How can I go about doing that?

I will appreciate any help with this issue.

2 Answers
answered a year ago

You can try turning off the Preserve client IP option on the NLB target group. If you turn off the option, the NLB will translate the source IP to the NLB's IP. That means you can allow inbound traffic using a security group rule with the NLB's IP. I didn't test this, but I think it should work.

AWS
answered a year ago
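The answer above relies on knowing the NLB's private IPs, which the console does not list directly. Each NLB node is backed by an elastic network interface in your VPC whose description is "ELB net/<load-balancer-name>/<load-balancer-id>", so the IPs can be read from `aws ec2 describe-network-interfaces` output. The script below is an added example, not code from the question asker or the answerer: it extracts those IPs for a named NLB, builds the `IpPermissions` payload for `authorize-security-group-ingress` (one /32 per node IP, TCP on the service port only), and audits an existing security group for any broader CIDR that also reaches that port. The NLB name `api-nlb`, the port 8080, the security group ID and all IPs and subnet IDs are hypothetical, and the JSON documents are constructed samples in the shape the AWS CLI returns.

```python
"""Derive NLB-node /32 ingress rules for an EC2 security group and audit the SG.

Added example (not from the original post). Resource names, IDs and addresses
are hypothetical; the two JSON documents are constructed to mirror the shape of
`aws ec2 describe-network-interfaces` and `aws ec2 describe-security-groups`.
"""
import ipaddress
import json
from typing import Dict, List

NLB_NAME = "api-nlb"        # hypothetical load balancer name
SERVICE_PORT = 8080         # hypothetical port the microservice listens on
SG_ID = "sg-0123456789abcdef0"  # hypothetical security group of the EC2 targets

# Constructed sample of `aws ec2 describe-network-interfaces` output.
# NLB node ENIs carry the description "ELB net/<lb-name>/<lb-id>".
SAMPLE_ENIS: Dict = json.loads("""
{"NetworkInterfaces": [
  {"Description": "ELB net/api-nlb/0123456789abcdef", "InterfaceType": "network_load_balancer",
   "SubnetId": "subnet-aaaa", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.25", "Primary": true}]},
  {"Description": "ELB net/api-nlb/0123456789abcdef", "InterfaceType": "network_load_balancer",
   "SubnetId": "subnet-bbbb", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.25", "Primary": true}]},
  {"Description": "ELB net/other-nlb/fedcba9876543210", "InterfaceType": "network_load_balancer",
   "SubnetId": "subnet-cccc", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.3.9", "Primary": true}]},
  {"Description": "Primary network interface", "InterfaceType": "interface",
   "SubnetId": "subnet-aaaa", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.50", "Primary": true}]}
]}
""")

# Constructed sample of one SG from `aws ec2 describe-security-groups`:
# a correct /32 rule plus an over-broad 0.0.0.0/0 rule on the same port.
SAMPLE_SG: Dict = json.loads("""
{"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
   "IpRanges": [{"CidrIp": "10.0.1.25/32"}, {"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "udp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}
]}
""")


def nlb_private_ips(enis: Dict, nlb_name: str) -> List[str]:
    """Return the sorted private IPs of every ENI that belongs to the named NLB."""
    prefix = f"ELB net/{nlb_name}/"
    ips = set()
    for eni in enis.get("NetworkInterfaces", []):
        if not eni.get("Description", "").startswith(prefix):
            continue  # another NLB, or an ordinary instance ENI
        for addr in eni.get("PrivateIpAddresses", []):
            ips.add(addr["PrivateIpAddress"])
    return sorted(ips, key=ipaddress.ip_address)


def ingress_permissions(ips: List[str], port: int) -> List[Dict]:
    """Build the IpPermissions payload: one /32 per NLB node, TCP on `port` only."""
    return [{
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": f"{ip}/32", "Description": f"NLB node {ip}"} for ip in ips],
    }]


def broad_ingress(sg: Dict, port: int, allowed_cidrs: List[str]) -> List[str]:
    """Return CIDRs in `sg` that can reach `port` over TCP but are not in `allowed_cidrs`.

    Protocol "-1" (all traffic) rules have no FromPort/ToPort and match every port.
    """
    offending = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        if not lo <= port <= hi:
            continue
        for r in perm.get("IpRanges", []):
            if r["CidrIp"] not in allowed_cidrs:
                offending.append(r["CidrIp"])
    return offending


if __name__ == "__main__":
    ips = nlb_private_ips(SAMPLE_ENIS, NLB_NAME)
    perms = ingress_permissions(ips, SERVICE_PORT)
    # Apply with the real CLI once the ENIs above come from your own account.
    print("aws ec2 authorize-security-group-ingress --group-id", SG_ID,
          "--ip-permissions", json.dumps(perms))
    allowed = [r["CidrIp"] for r in perms[0]["IpRanges"]]
    for cidr in broad_ingress(SAMPLE_SG, SERVICE_PORT, allowed):
        print(f"revoke: {cidr} also reaches tcp/{SERVICE_PORT} on {SAMPLE_SG['GroupId']}")
```

Two caveats when applying this for real: NLB node IPs change if you add or remove subnets (or enable/disable a zone) on the load balancer, so re-run the derivation after such changes; and with client IP preservation left on, the instance sees the real client address rather than the NLB's, so /32 rules for the NLB nodes would not match and the rules above only make sense together with the target group setting the answer describes.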
