How to allow inbound traffic for internal machines only on EC2?


Solution 1

Your EC2 has a Public and Private IP. Use the Private IP and create the applicable rule in your Security Group's Inbound settings.

Log-in to the AWS Management Console and navigate to EC2.

To get your Private IP, navigate to Instances. Select the EC2 instance and go to the Description tab. You will find the Private IP there.

To create a Security Group rule, go to Network and Security > Security Groups. Select the applicable security settings and add port 9200 using the Private IP.

EDIT: I suggest you just edit your existing Security Group instead of creating a new one. Each EC2 comes with a Security Group when it is created.

How To:

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
  2. In the navigation pane, choose Security Groups.
  3. Select the security group used by the EC2 instance that you want to allow inbound port 9200.
  4. Once selected, in the Inbound Tab, choose Edit.
  5. Once the Edit inbound rule page opens, choose Add Rule. Here you can add port 9200 using the Private IP of the other EC2 instances.

Sample values when adding a new security rule:

  • Type: Custom TCP Rule
  • Protocol: TCP
  • Port Range: 9200
  • Source: Custom IP 172.25.25.25/32

Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules
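The rule above, as an added example that is not from either answer: a small helper that builds the inbound rule for port 9200 in the structure the EC2 API expects, refuses any source that is not a private (RFC 1918) CIDR or a security-group id, and audits an existing rule list for ports open to 0.0.0.0/0 or ::/0. The sample group `SAMPLE_SG_PERMISSIONS` and the `sg-...` id are constructed for illustration; the source-as-security-group form goes beyond the /32 shown in the answer.

```python
import ipaddress
import re

# RFC 1918 ranges: the only CIDR sources this helper accepts as "internal".
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SG_ID = re.compile(r"^sg-[0-9a-f]{8,17}$")  # shape of an EC2 security-group id

def is_internal_cidr(cidr: str) -> bool:
    """True only if the whole IPv4 CIDR lies inside one RFC 1918 range."""
    net = ipaddress.ip_network(cidr)  # strict: rejects host bits like 172.25.25.25/24
    return net.version == 4 and any(net.subnet_of(p) for p in PRIVATE_NETS)

def ingress_rule(port: int, source: str, proto: str = "tcp") -> dict:
    """Build one IpPermissions entry (the structure authorize-security-group-ingress takes).
    `source` is a private CIDR (e.g. 172.25.25.25/32) or a security-group id; a source
    such as 0.0.0.0/0 or a public address raises instead of producing a rule."""
    perm = {"IpProtocol": proto, "FromPort": port, "ToPort": port}
    if SG_ID.match(source):
        # Referencing a group lets every instance attached to it in, with no per-IP rules.
        perm["UserIdGroupPairs"] = [{"GroupId": source, "Description": "internal only"}]
    elif is_internal_cidr(source):
        perm["IpRanges"] = [{"CidrIp": source, "Description": "internal only"}]
    else:
        raise ValueError(f"refusing non-internal source {source!r}")
    return perm

def publicly_exposed(permissions: list) -> list:
    """Return (port, cidr) pairs from a group's IpPermissions that are open to the world."""
    exposed = []
    for p in permissions:
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in ("0.0.0.0/0", "::/0"):
                exposed.append((p.get("FromPort"), cidr))
    return exposed

# Constructed sample: an existing group with 9200 mistakenly opened to everyone.
SAMPLE_SG_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    print("exposed:", publicly_exposed(SAMPLE_SG_PERMISSIONS))
    print("rule:", ingress_rule(9200, "172.25.25.25/32"))
```

The returned dict can be passed as one element of `IpPermissions` to `aws ec2 authorize-security-group-ingress --group-id <sg-id> --ip-permissions ...` (or the boto3 call of the same name).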

Solution 2

AWS EC2 instance has both private and public IP. To check the private IP, click on the instance in the AWS EC2 management console and right-click -> Networking -> Manage private IP address.

You can check both private and public IP address. You can block all the incoming traffic on your public IP address and use private IP address for connecting within network.

Author: M-T-A

Updated on September 18, 2022

Comments

  • M-T-A
    M-T-A over 1 year

    I have an EC2 machine with Elasticsearch installed. I need to get port 9200 open so other internal machines on the same region could access this port. I have no intention to keep this port open publicly.

    I'm not sure how to do this. Is there a custom IP that I could use to do so? Should I use VPC?

    • Admin
      Admin almost 8 years
      VPC would be better, but you can do this with security groups too.
  • M-T-A
    M-T-A almost 8 years
    Would you provide a step by step guide on how to add a security group?
  • jarvis
    jarvis almost 8 years
    @M-T-A I suggest you EDIT your security group instead of creating a new one. Each EC2 has a security group when the instance is launched. I edited the answer.
  • M-T-A
    M-T-A almost 8 years
    Thanks for updating it. Is there a way to allow ALL instances in the region to access it?