
I have a web application launched using ElasticBeanstalk (EB) with a load balancer, whose instances may be added/removed based on the trigger. Now I have a Redis server hosted on EC2 on port 6379, and I want only these EB instances (all the instances launched by this EB) to have access to that port. EB has a security group (SG) called sg-eb and Redis has a SG called sg-redis.

All of these are deployed under the same VPC but may or may not be in the same subnet.

How do I configure sg-redis so that all the instances under the EB have access to Redis? I tried adding sg-eb to sg-redis allowing port 6379 but no luck. The only way I made it work was adding each instance's public IP to sg-redis so they have access. However, if the load balancer adds/removes an instance, I'll need to manually configure sg-redis again.

Update #1 [image]

Lancelot
  • can you maybe share some pictures of your setup so we can help? What you mentioned so far should work, theoretically :) – mostafazh Sep 24 '17 at 14:44
  • "I tried adding sg-eb to sg-redis allowing port 6379 but no luck" that's all you should have to do in the security group. Make sure the EB servers are referencing the EC2 Redis server via its private IP address. – Mark B Sep 24 '17 at 14:57
  • is the EB environment and the redis box inside the same VPC? – eugecm Sep 24 '17 at 18:01
  • @mostafazh please see updated image. – Lancelot Sep 24 '17 at 20:09
  • @MarkB can you please describe more what you mean by "EB servers are referencing the EC2 Redis server via its private IP address"? How do I set it up that way? – Lancelot Sep 24 '17 at 20:10
  • @eugecm yes they are – Lancelot Sep 24 '17 at 20:10
  • The Redis EC2 instance will have 2 IPs, one public and one private. You can find them when selecting the instance on the EC2 management console. Make sure you connect to that EC2 instance via this internal IP – mostafazh Sep 24 '17 at 20:16
  • @mostafazh awesome, got it working. By any chance, do you know how I can use the same logic for a DB server (e.g. MongoDB)? I have a similar setup but when I try to connect, MongoDB always says authentication failed when connecting to the private IP of the instance. – Lancelot Sep 24 '17 at 23:41
  • @lancelot see my answer below :) – mostafazh Sep 24 '17 at 23:51

1 Answer


The Redis EC2 instance will have 2 IPs, one public and one private. You can find them when selecting the instance on the EC2 management console. Make sure you connect to that EC2 instance via this internal IP.

mostafazh
  • @lancelot would MongoDB accept the connections if you tried connecting to public IPs? Make sure the MongoDB server is not listening on (bound to) localhost, but rather on all network interfaces. You can find more about MongoDB configuration here https://stackoverflow.com/a/18413175 – mostafazh Sep 24 '17 at 23:49
  • yeah, it's not listening on localhost and connecting using the public IP works. It's the private IP not working, with an error saying "Authentication failed" – Lancelot Sep 24 '17 at 23:55
  • That doesn't look like a security group issue, if MongoDB is replying with an authentication failed. My suggestion is to post a new question for this issue AFTER you confirm there is nothing wrong with the user password or other silly issues like that – mostafazh Sep 25 '17 at 00:01
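
An added example, not part of the original thread: a Python check over the JSON that `aws ec2 describe-security-groups` returns, confirming that sg-redis opens 6379 to the EB group by reference (the rule that matches when clients connect over the private IP) and flagging leftover per-instance public-IP rules. The group IDs, the sample JSON and the `covers`/`audit` names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and the /32 (documentation range) are placeholders, not real values.
EB_SG = "sg-11111111111111111"
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-22222222222222222", "GroupName": "sg-redis",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}],
     "UserIdGroupPairs": [{"GroupId": "sg-11111111111111111"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}
  ]}]}
""")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def covers(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" = all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit(group, source_group_id, port=6379):
    """Report how `port` is opened on `group`.

    by_group: a rule references source_group_id, so any instance in that
              group is admitted when it connects over the private IP.
    public_cidrs: rules keyed to non-RFC 1918 addresses, i.e. per-instance
              entries that go stale when the environment scales.
    """
    by_group, public_cidrs = False, []
    for perm in group.get("IpPermissions", []):
        if not covers(perm, port):
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            by_group = by_group or pair.get("GroupId") == source_group_id
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not any(net.subnet_of(r) for r in RFC1918):
                public_cidrs.append(rng["CidrIp"])
    return {"by_group": by_group, "public_cidrs": public_cidrs}
```

Calling `audit(SAMPLE["SecurityGroups"][0], EB_SG)` on the constructed sample reports the group reference as present and lists the one public /32 entry as a candidate for removal once clients use the private IP.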