Can you set the Security Inbound rule to open to internet and then ssh into the EC2 machine and then type "who am i" on the EC2 terminal. It should give you the IP address of the ssh client. Now modify the Security Group to use that IP instead of the IP address that you get from a website like whatsmyip. I just tested it and it worked.
Thank you for your response. It works now, but can you explain why this is the case? What is this IP? Is it a proxy of some sort in the middle? Is this IP the same for all instances, or do I need to manually find out the IP every time I create a new instance?
Unless you have a static IP address, the IP could change. I connect over VPN and my IP changed between yesterday and today from a.b.c.d to a.b.c.d+1, so if I had specified a.b.c.0/24 instead of a.b.c.d/32, I would be good. If I disconnect from the VPN then the IP matches what is shown on whatsmyip, which is my ISP-assigned IP address, which is assigned using DHCP and can also change. So if you want to be very secure, you should get a static IP or connect from your corporate network.
The IP that you put in the security group is the IP of the client machine from where you are connecting and will be the same for multiple EC2 machines.
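The steps discussed in this thread, as an added example that is not part of any poster's reply: run inside the SSH session, it reads the source address the instance sees, builds the /32 or /24 rule, and prints the AWS CLI commands to add it and drop the open rule. It reads the address from sshd's `SSH_CONNECTION` variable rather than parsing `who am i`, and `SG_ID` is a placeholder.

```shell
#!/bin/sh
# Added example. SG_ID is a placeholder, not a value from the thread.

# Succeeds if $1 is a dotted-quad IPv4 address.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Source address as seen by the instance: first field of SSH_CONNECTION
# ("client_ip client_port server_ip server_port", exported by sshd).
client_ip() {
    conn=${1:-${SSH_CONNECTION:-}}
    ip=${conn%% *}
    is_ipv4 "$ip" && printf '%s\n' "$ip"
}

# /32 pins one address; /24 tolerates the a.b.c.d -> a.b.c.d+1 drift.
rule_cidr() {
    is_ipv4 "$1" || return 1
    case ${2:-32} in
        32) printf '%s/32\n' "$1" ;;
        24) printf '%s.0/24\n' "${1%.*}" ;;
        *)  return 1 ;;
    esac
}

# Succeeds if address $2 is still allowed by rule $1 (/24 or /32 only).
rule_covers() {
    is_ipv4 "$2" || return 1
    case $1 in
        */32) [ "${1%/32}" = "$2" ] ;;
        */24) [ "${1%.0/24}" = "${2%.*}" ] ;;
        *)    return 1 ;;
    esac
}

SG_ID=${SG_ID:-sg-PLACEHOLDER}
if addr=$(client_ip); then
    echo "instance sees client as: $addr"
    echo "aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 22 --cidr $(rule_cidr "$addr" 32)"
    echo "aws ec2 revoke-security-group-ingress --group-id $SG_ID --protocol tcp --port 22 --cidr 0.0.0.0/0"
fi
```

The commands are only printed, so they can be reviewed before being run from a machine that has AWS credentials.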
When you use the same security group (launch-wizard-2), but with an allow all IP addresses (for SSH port), are you able to connect to the instance?
Hi Joahna,
Yes, I am able to. This is the reason why I find this behaviour strange.