By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Unable to properly configure EC2 instance security group rules to give access to Elastic Beanstalk for setting and updating the application environment.

0

I'm actually hosting a Node Js back end server, with a load balancer and an EC2 instance setup by using the Elastic Beanstalk service.

I wanna configure the EC2 instance security group rules to give the inbound traffic access to only the load balancer and the elastic beanstalk service, with no direct public internet traffic.

Well, I referenced the security group of the load balancer as a source for the load balancer to access EC2, but for the Elastic Beanstalk service, I don't know what to reference at the source input. I went through the documentation and found something known as AWS managed prefix lists, but I couldn't find any prefix list for the Elastic Beanstalk service.

Please help me with the above problem, I just started recently with AWS.

Topics
ComputeNetworking & Content Delivery
Tags
AWS Elastic BeanstalkAmazon EC2Security Group
Language
English
raghav
asked 16 days ago171 views
1 Answer
2

Every EC2 instance of your Beanstalk environment has a security group https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.ec2.html#using-features.managing.ec2.securitygroups

So you can reference this security group as a traffic source in your NodeJS server security group. Logic is the same as you did for reference Load Balancer Security Group

profile picture
EXPERT
Oleksii Bebych
answered 13 days ago
profile picture
EXPERT
Artem
reviewed 8 days ago
  • raghav
    13 days ago

    The default security group created by the Elastic beanstalk service adds inbound rules as HTTP, HTTPS, and SSH from '0.0.0.0/0'(entire public internet addresses). But I want only a specific IP addresses to get SSH access of the instance. As the Elastic beanstalk setups the ec2 instance, and through SSH client it(the EB service) gets the instance access to download all the source code and everything right. I'm asking that what's the IP address or the prefix list of the Elastic Beanstalk service, by adding it as inbound rule we're giving instance access specifically to the EB Service to SSH.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content