Questions tagged with Security Group
Connect to the database in an EC2 instance from the ECS cluster
I have Superset deployed on AWS using the guide https://aws.amazon.com/quickstart/architecture/apache-superset/ where I chose to deploy it in an existing VPC. The Superset deployment worked out alright and I can access Superset at the provided link. When I try to connect to a database which is hosted in an EC2 instance, within the same VPC, I get the error message "port 5432 is closed" on my Superset. The DB is up and running in the EC2 instance, which has been verified locally and remotely through my laptop. I was previously able to connect to a database on RDS by adding the security group of the ECS Superset to the security group of the RDS instance. The same technique did not work for the ECS (Superset) -> EC2 (DB) connection. I also tried adding the IPv4 subnet range like 172.**.**.0/20 to the EC2 security group without success. These subnet ranges were obtained from the ECS deployment. Any help to debug this issue would be greatly appreciated.
To allow access from the server behind alb, which address should I enter, alb or server?
I created a server behind alb. You are trying to connect from that server to another server that is not connected to alb. I am not sure whether to put the alb ip or the server ip to set the security group of the server not connected to alb, so I put both. In the case of alb, I know that all server communication is done through alb, so I think alb alone is fine, but I think I need to write the destination, so I think I need to put the server ip as well. I wonder if it is enough to set the security group with only one alb address or both.
Is it possible to connect aws fargate with task ip instead of load balancer DNS?
I implemented a web server in fargate. The web server connection through the application load balancer DNS went well. However, when I connected to the task public ip, I couldn't connect. I checked that the ip and port are set properly in the service security group. In my opinion, fargate doesn't directly connect to public ip like ssh can't access. Am I right?
Instance launch failed. Adding EFS security group to mount targets failed. The maximum number of security groups per interface has been reached.
I'm trying to launch a new ec2 instance that automatically mounts an existing EFS file system. I'm using the following settings:

```
Amazon Linux 2 Kernel 5.10 AMI 2.0.20220719.0 x86_64 HVM gp2
64-bit (x86)
ami-0c956e207f9d113d5
c5a.16xlarge
VPC (default)
Subnet: The subnet of the default VPC in eu-central-1a zone.
Create security group
File systems: EFS
An existing file system in eu-central-1a zone
```

I have done the same operation before, but now I get an error.

```
Instance launch failed
The maximum number of security groups per interface has been reached.

Launch log
Initializing requests                          Succeeded
Creating security groups                       Succeeded
Creating security group rules                  Succeeded
Creating EFS security groups                   Succeeded
Adding ingress rules to EFS security groups    Succeeded
Adding egress rules to EFS security groups     Succeeded
Adding EFS security group to mount targets     Failed
```

What should I do to fix this?
With a Security group I can't connect to EC2 instance
Hello, I have a security group which allows inbound traffic to port 22 from the world 0.0.0.0, then I created an EC2 instance with that security group attached but I can't connect to the instance. The instance of course has an external public IP (AWS assigned one inside 3.24x.x.x range) but I can't connect. This instance is in eu-west-1 (Ireland). I don't even get a response using telnet on port 22 while trying to connect to it. However, if I create an EC2 instance with the same SG rules (different SG because it's a different region, but the same rules) in eu-west-3 (Paris) I can connect. I tried this many times with the same result. Thank you for any help.
EKS cluster created a Security Group and doesn't clean up this SG after destroy
About two weeks ago we found that the CFN manifest cannot remove the VPC after delete. I've checked that and it turned out that the EKS cluster doesn't remove the Security Group which it created itself. The security group has the name "eks-cluster-sg-EKS-*" with the description "EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads." How can I fix that? To reproduce this you need to deploy a VPC with EKS by CFN or using the AWS QSS solution. Thanks
Restoring Redshift Cluster from Snapshot fails. You do not have access to node type.
Hello, We have a Redshift Cluster ds2.xlarge running on us-east-1, that has KMS encryption in place. We're aiming to create a clone of it for testing a node upgrade using the console. To do so, we created a manual snapshot. For the next step, we're selecting the snapshot and "Restore to provisioned cluster". In the configuration screen, assigning a new name to cluster identifier and keeping all other parameters the same. That is:

* **Node type:** ds2.xlarge (all other options grayed out)
* **Number of nodes:** 1 (Only allows 1)
* **Database name & port:** Same as original cluster
* **Cluster Permissions:** Associating same IAM roles as original cluster
* **Additional Configurations:** Using default VPC, subnet and Security Group and Configuration (Same as original cluster)

Upon selecting the above "Restore cluster from snapshot" throws the following error: `You do not have access to node type ds2.xlarge. Choose another node type`

We're using the same admin account both for KMS and the Redshift Cluster. Wondering if the issue could be using the same VPC, encryption or something else? Thanks
I cannot connect to my ec2 instance by ssh, sg port checked
I started my free trial ec2 instance (AMI: amzn2-ami-kernel-5.10-hvm-2.0.20220719.0-x86_64-gp2), and got a public IP address on it. The security group rules expose all ports, no matter in & outbound even. But I just cannot connect to it. I have received a "Connection failed" message in my local PC ssh client, and I also tried to connect to it by using the aws console "EC2 Instance Connect" option, and it failed as well. (console msg here)

![Enter image description here](https://repost.aws/media/postImages/original/IMj0UiiC_rTjKdk-5IDXxCRQ)

And I even stopped this ec2 instance and started a new one with a totally new config like the previous one, but got the same result. By using a port scan tool, I found that port 22 is closed. The question is that my sg rules open it **definitely** (console screenshot here)

![Enter image description here](https://repost.aws/media/postImages/original/IMakXEDNrlSVWg3tsJIkAVVQ)

Finally, I found a stackoverflow question like my situation, [this answer](https://stackoverflow.com/a/55234006/19652493) maybe the result? Is my account "isolated"? Is there anyone who could tell me something useful?
EC2 Instance Connect SSH source IP
Hi All, I'm working with my first EC2 instance and I'm going around the details of security groups. The default security group that I have includes an allow all (0.0.0.0/0) inbound ssh (tcp-22). When I establish an ssh connection via the EC2 instance connect method (directly from the management console) I see that the source IP is an aws ip ... public ip (I check by doing a who). Do you know what this IP is? Is it the cloudshell from my management console? Thanks in advance!
Open port to multiple IPs
I am looking to open a port to an EC2 instance from multiple IPs. Rather than creating a rule for each IP address, are there any other options? I have tried creating a prefix list and added a list of IPs there, but when I try to apply the prefix list in the security group I get an error: The maximum number of rules per security group has been reached.