inbound rule of security group for EC2 Instance in private subnet


I have 1 public subnet, 3 private subnets, and load balancers before each subnet. I have 3 individual security groups.

Target 1: I need to allow traffic to instances in private subnet 1 only from load balancer 1 OR an instance in the public subnet.

Target 2: I need to allow traffic to instances in private subnet 2 only from load balancer 2 OR an instance in private subnet 1.

I need to know which IP/port has to be configured in the INBOUND RULES of each security group.

1 Answer

Have you considered splitting up your security groups for easier management? An instance can have up to 5 security groups assigned, so you might create one which allows traffic from the load balancer and another that allows traffic from instances on the subnet, then assign both of them to the target instance.

Second, you can cross-reference other resources in your security groups. So rather than using a static IP, you can add the load balancer itself to the security group, and the VPC control plane will automatically fill that in for you.

For other instances within the subnet, you can add the instances to the security group in the same way, but this might be inconvenient if there is auto-scaling happening. In that case, you might want to allow traffic from the entire private subnet. Some might say "well, that's insecure", but you control that private subnet; if there are other instances being launched in that subnet that you don't control, I would say that is a larger thing to be concerned about. That said, you could create some automation to add/remove entries to/from the security group, but it's some extra work you have to do.

As far as the port is concerned, you will need to determine that based on what your application is doing. Presumably it will be TCP/443 (HTTPS) and/or TCP/80 (HTTP).

AWS
answered 2 years ago
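The rule set the answer describes, written out as an added example (not part of the original question or answer, and not AWS's own code). It builds the `IpPermissions` payload that boto3's `authorize_security_group_ingress` accepts, using a security-group reference (`UserIdGroupPairs`) as the source wherever the answer recommends it, and a subnet CIDR only for the auto-scaling case. The group IDs, subnet CIDRs and VPC CIDR are placeholder assumptions. The `audit_rules` check is the one thing a practitioner would want on top: it flags any CIDR source that is wider than the VPC, which is how "allow the whole private subnet" quietly turns into `0.0.0.0/0`.

```python
"""Inbound rules for the two private tiers in the question:
  tier 1 accepts traffic only from load balancer 1's SG or the public-subnet SG
  tier 2 accepts traffic only from load balancer 2's SG or tier 1's SG (or subnet CIDR)
All security-group IDs and CIDRs below are assumed placeholders.
"""
import ipaddress


def sg_rule(proto, port, source_sg, description):
    """One IpPermissions entry whose source is another security group.
    AWS resolves the member ENIs itself, so no static IP is needed."""
    return {
        "IpProtocol": proto,
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": source_sg, "Description": description}],
    }


def cidr_rule(proto, port, cidr, description):
    """One IpPermissions entry with a CIDR source (the auto-scaling fallback)."""
    return {
        "IpProtocol": proto,
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr, "Description": description}],
    }


def build_tier_rules(lb_sg, upstream_sg=None, upstream_cidr=None, ports=(443,)):
    """Rules for one private tier's SG: its own load balancer's SG plus either
    the upstream tier's SG (preferred) or the upstream subnet's CIDR."""
    rules = []
    for port in ports:
        rules.append(sg_rule("tcp", port, lb_sg, "from tier load balancer"))
        if upstream_sg is not None:
            rules.append(sg_rule("tcp", port, upstream_sg, "from upstream tier SG"))
        elif upstream_cidr is not None:
            rules.append(cidr_rule("tcp", port, upstream_cidr, "from upstream subnet"))
    return rules


def audit_rules(rules, vpc_cidr):
    """Return a finding for every IPv4 CIDR source not contained in the VPC.
    Catches 0.0.0.0/0 and any typo that widens a subnet beyond the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for rule in rules:
        for ip_range in rule.get("IpRanges", []):
            net = ipaddress.ip_network(ip_range["CidrIp"])
            if net.version != vpc.version or not net.subnet_of(vpc):
                findings.append(f"tcp/{rule['FromPort']} open to {net}, outside {vpc}")
    return findings


def apply_rules(ec2, group_id, rules):
    """ec2 is a boto3 EC2 client (boto3.client('ec2')). Refuses to apply a
    rule set that fails the audit; returns the API response otherwise."""
    return ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=rules)


if __name__ == "__main__":
    # Placeholder IDs; replace with the real groups from your VPC.
    tier1 = build_tier_rules("sg-lb1-PLACEHOLDER", upstream_sg="sg-public-PLACEHOLDER")
    # Tier 2 with the subnet-CIDR fallback for an auto-scaled tier 1 (assumed 10.0.1.0/24).
    tier2 = build_tier_rules("sg-lb2-PLACEHOLDER", upstream_cidr="10.0.1.0/24", ports=(80, 443))
    for name, rules in (("tier1", tier1), ("tier2", tier2)):
        problems = audit_rules(rules, "10.0.0.0/16")
        print(name, "OK" if not problems else problems)
    # To apply for real: import boto3; apply_rules(boto3.client("ec2"), "sg-app1-...", tier1)
```

Run the audit before `apply_rules` in any automation that adds entries, since the rules are additive and a bad CIDR is not undone by a later correct one.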
