How to allow elastic load balancer through port 80 in security groups?

amazon-ec2 load-balancing amazon-web-services scaling
17,082

Solution 1

What Eric takes the long way to point you towards but doesn't actually state is that you need to authorize the source as the amazon-elb/amazon-elb-sg. If you're doing this through the AWS Management Console it will actually auto-complete when you start typing it into the source field. I operate several ELB configurations and they all allow access to 80/TCP via this security group and the static IP addresses of my monitoring systems.

To address the updated request info, you can not restrict what IP addresses can hit the ELB. This could be possible on the Apache server side if you write rules that look at the headers and make decisions to reject the page view. My way of restricting access for testing is add my static IP to the security group allowed to hit the EC2 instance via port 80/TCP and simply take the instance out of the ELB for testing.

Solution 2

Amazon announced support for this in April:

You can now configure EC2 instances sitting behind an Elastic Load Balancer to receive traffic only from the Load Balancer by using a special Security Group associated with the Elastic Load Balancer. To do this, you call the DescribeLoadBalancers API to get the name of the SecurityGroup,andthen includethat group in the group list when you subsequently launch some EC2 instances. The name of the Security Group can also be obtained from the load balancer details pane in the AWSManagement Console.

http://aws.typepad.com/aws/2011/05/elastic-load-balancing-ipv6-zone-apex-support-additional-security.html

Solution 3

I should add that amazon-elb/amazon-elb-sg is the default name of the load balancer security group. If you changed the name of the security group then adding amazon-elb/amazon-elb-sg will not work. A more generic answer is to add the security group ID or the security group name of the load balancer to the security group of all the instances participating in the cluster.

Solution 4

Create a new Security Group for the ELB, then only allow access to the EC2 from the ELB security group. Change the Security settings in VPC section to easier do this.

Specfic IP/Range -> ELB -> EC2(Only ELB Group) ->

I have multiple dev env which have private access via ELB, but have healthchecks that are required for server moniroting.

Share:
17,082
Liron Harel
Author by

Liron Harel

Updated on September 18, 2022

Comments

  • Liron Harel
    Liron Harel over 1 year

    I want to temporarily block port 80 for the outside world, but want the load balancer to pass through the firewall (via security group) so it won't see the instance as unhealthy. How can I do that?

    Update: I also want to know how can I allow only myself accessing to the elastic load balancer via port 80 (but prevent others access). I know that the load balancer doesn't have specific security groups that I can setup and tell it to only accept my IP address, but is there any other way to do it?

  • Liron Harel
    Liron Harel over 12 years
    It didn't answer the question how can I allow only myself to access to the load balancer for port 80, not me accessing the EC2 server directly. There aren't any security group for the load balancer it self.
  • Eric Hammond
    Eric Hammond over 12 years
    How about just password protecting the site except for the health check URL?
  • Liron Harel
    Liron Harel over 12 years
    How can I obtain the name of the security group of the load balancer via the management console UI?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

EC2 Failing Load Balancer Health Check
Get AWS ELB name from an attached instance
How to load balance sftp instances on AWS
Install AWS SSL Certificate to EC2 instance without load balancer
How does one point a domain to a load balancer that doesn't have a stable IP?
AWS: Multi-region setup using single RDS instance
How can I deploy a scalable, reliable haproxy cluster on Amazon EC2?
EC2 Update my existing AMI
AWS Elastic Load Balancer and multiple availability zones
AWS load balancer and maintenance page