How to allow inbound traffic for internal machines only on EC2?
Solution 1
Your EC2 has a Public and Private IP. Use the Private IP and create the applicable rule in your Security Group's Inbound settings.
Log-in to the AWS Management Console and navigate to EC2.
To get your Private IP, navigate to Instances. Select the EC2 instance and go to the Description tab. You will find the Private IP there.
To create a Security Group rule, go to Network and Security > Security Groups. Select the applicable security settings and add port 9200 using the Private IP.
EDIT: I suggest you just edit your existing Security Group instead of creating a new one. Each EC2 comes with a Security Group when it is created.
How To:
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
- In the navigation pane, choose Security Groups.
- Select the security group used by the EC2 instance for which you want to allow inbound port 9200.
- Once selected, in the Inbound Tab, choose Edit.
- Once the Edit inbound rule page opens, choose Add Rule. Here you can add port 9200 using the Private IP of the other EC2 instances.
Sample values when adding a new security rule:
- Type: Custom TCP Rule
- Protocol: TCP
- Port Range: 9200
- Source: Custom IP 172.25.25.25/32
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules
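As an added example (not part of either answer above), a small audit that reads security-group rules in the shape `aws ec2 describe-security-groups` returns and reports any rule that exposes port 9200 to a non-RFC1918 source; the group ids and CIDRs below are constructed, and the data is embedded rather than fetched so it runs offline.

```python
"""Audit EC2 security-group rules: is port 9200 reachable from outside private ranges?"""
import ipaddress

# Constructed sample in the shape of describe-security-groups output
# (boto3: describe_security_groups()["SecurityGroups"]). Ids/CIDRs are made up.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0123456789abcdef0",  # placeholder id: rule as in the answer above
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
             "IpRanges": [{"CidrIp": "172.25.25.25/32"}], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-0fedcba9876543210",  # placeholder id: 9200 left open to the world
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
            # protocol -1 means all traffic; source here is another security group, not a CIDR
            {"IpProtocol": "-1", "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
        ],
    },
]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rule_covers_port(perm, port):
    """True if an IpPermissions entry applies to `port` ("-1" = all protocols/ports)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def public_sources(groups, port=9200):
    """Return (group_id, cidr) pairs whose CIDR source for `port` is not inside RFC1918."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            if not rule_covers_port(perm, port):
                continue
            for r in perm.get("IpRanges", []):
                net = ipaddress.ip_network(r["CidrIp"])
                if not any(net.subnet_of(priv) for priv in RFC1918):
                    findings.append((sg["GroupId"], r["CidrIp"]))
    return findings
```

The /32 private-IP rule from the answer passes, while the second group is reported because its 9200 rule uses 0.0.0.0/0.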
Solution 2
An AWS EC2 instance has both a private and a public IP. To check the private IP, click on the instance in the AWS EC2 management console and right click -> Networking -> Manage private IP address.
You can check both the private and public IP address. You can block all incoming traffic on your public IP address and use the private IP address for connecting within the network.
Updated on September 18, 2022
Comments
M-T-A over 1 year
I have an EC2 machine with Elasticsearch installed. I need to get port 9200 open so other internal machines in the same region can access this port. I have no intention to keep this port open publicly. I'm not sure how to do this. Is there a custom IP that I could use to do so? Should I use VPC?
Admin almost 8 years
VPC would be better, but you can do this with security groups too.
M-T-A almost 8 years
Would you provide a step by step guide on how to add a security group?
jarvis almost 8 years
@M-T-A I suggest you EDIT your security group instead of creating a new one. Each EC2 has a security group when the instance is launched. I edited the answer.
M-T-A almost 8 years
Thanks for updating it. Is there a way to allow ALL instances in the region to access it?