
I'm starting with AWS and trying to access a running instance from another running instance by using the ELB. I can access the load balancer if I open the port and add 0.0.0.0/0 to the source column. However, this opens a security threat. Is it possible to access that open port from the instance only, without using 0.0.0.0/0? I've tried adding the security group of that instance to the inbound rules of the ELB without success.

PS: I cannot put the instance's public IP address in the source column of the ELB to allow traffic from that IP, because the IP can change as it belongs to an autoscaling group which will launch new instances if one fails.

ruohola
alex
  • I'll edit my question as I cannot "hardcode" the ip to the source column because the ip of the instance will be dynamic due to the autoscaling group. Not sure I'm following the response of the link you sent me though – alex Jan 07 '21 at 09:13
  • Yeah, your only solution is to associate elastic IP addresses with the instances, and then whitelist those elastic IPs in your security group. Unfortunately if your autoscaling group is creating more than one instance, you have to add a separate elastic IP for each of them more or less manually: https://stackoverflow.com/a/46400392/9835872 – ruohola Jan 07 '21 at 09:18
  • thanks @ruohola. You can add it as a response so I can validate it – alex Jan 07 '21 at 10:03

1 Answer

The reason for the issue is pretty much this: https://stackoverflow.com/a/42584737/9835872

Your only solution is to associate elastic IP addresses with the instances, and then whitelist those elastic IPs in your security group. Unfortunately if your autoscaling group is creating more than one instance, you have to add a separate elastic IP for each of them more or less manually: https://stackoverflow.com/a/46400392/9835872

ruohola
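Below is an added example, not code from the question or the answer, that puts the answer's approach into the shape the AWS API actually takes. A rule that references the instances' security group only matches traffic whose source is an instance's private IP; a request sent to an internet-facing load balancer's public address leaves the instance through its public IP (or a NAT gateway), so the reference never matches, which is the failure the question describes. The script therefore builds the per-Elastic-IP /32 rules, audits a `describe-security-groups` style document for 0.0.0.0/0 and ::/0 entries, and computes the revoke/authorize changes needed after the autoscaling group has replaced an instance, which is the manual step the answer warns about. It never calls AWS; the group ID, port 8080 and the 203.0.113.x addresses are constructed sample values, and the printed `aws ec2` commands are for the reader to run, not executed here.

```python
"""Build and audit EC2 security-group ingress rules for a load balancer.

Added example, not code from the Stack Overflow post. It never calls AWS:
it only builds the IpPermissions structure accepted by
`aws ec2 authorize-security-group-ingress --ip-permissions` (and boto3's
authorize_security_group_ingress) and audits a describe-security-groups
style document. The group ID, port and addresses are constructed samples.
"""
import ipaddress
import json

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def permission_from_elastic_ips(port, elastic_ips, protocol="tcp"):
    """One IpPermission allowing `port` from each Elastic IP as a /32 host.

    The answer's approach: list every instance's Elastic IP instead of
    0.0.0.0/0. RFC 1918 addresses are rejected because an Elastic IP is
    always public; private sources are what a source-group reference is for.
    """
    ranges = []
    for ip in elastic_ips:
        addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
        if any(addr in net for net in RFC1918):
            raise ValueError(f"{ip} is a private address, not an Elastic IP")
        ranges.append({"CidrIp": f"{addr}/32",
                       "Description": "autoscaling instance EIP"})
    return {"IpProtocol": protocol, "FromPort": port, "ToPort": port,
            "IpRanges": ranges}


def permission_from_security_group(port, source_group_id, protocol="tcp"):
    """The rule the question tried: allow `port` from members of another SG.

    Matches only traffic arriving with the source instance's private IP, so
    it does not cover requests sent to an internet-facing ELB's public name.
    """
    return {"IpProtocol": protocol, "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": source_group_id}]}


def rules_open_to_world(group):
    """(protocol, from, to, cidr) for every ingress rule anyone on the internet can hit."""
    findings = []
    for perm in group.get("IpPermissions", []):
        key = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"))
        for r in perm.get("IpRanges", []):
            if r.get("CidrIp") in WORLD_CIDRS:
                findings.append(key + (r["CidrIp"],))
        for r in perm.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") in WORLD_CIDRS:
                findings.append(key + (r["CidrIpv6"],))
    return findings


def allowed_hosts(group, port, protocol="tcp"):
    """Set of single-host (/32) IPv4 sources already allowed on `port`."""
    hosts = set()
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") != protocol:
            continue
        if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            continue
        for r in perm.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"])
            if net.prefixlen == 32:
                hosts.add(str(net.network_address))
    return hosts


def reconcile(group, port, current_elastic_ips):
    """Plan the IpPermissions to revoke and authorize for the ASG's current EIPs.

    Revokes the IPv4 0.0.0.0/0 rule on `port` and any /32 whose instance is
    gone; authorizes EIPs not yet allowed. This is the step that has to be
    repeated after every scale-out or instance replacement.
    """
    wanted = {str(ipaddress.IPv4Address(ip)) for ip in current_elastic_ips}
    have = allowed_hosts(group, port)
    stale, missing = sorted(have - wanted), sorted(wanted - have)
    revoke = [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
               "IpRanges": [{"CidrIp": cidr}]}
              for proto, lo, hi, cidr in rules_open_to_world(group)
              if (proto, lo, hi, cidr) == ("tcp", port, port, "0.0.0.0/0")]
    if stale:
        revoke.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                       "IpRanges": [{"CidrIp": f"{h}/32"} for h in stale]})
    authorize = [permission_from_elastic_ips(port, missing)] if missing else []
    return {"revoke": revoke, "authorize": authorize}


def cli_commands(group_id, plan):
    """The aws-cli invocations that would apply `plan` (returned, not run)."""
    cmds = []
    for verb in ("revoke", "authorize"):
        for perm in plan[verb]:
            cmds.append(f"aws ec2 {verb}-security-group-ingress --group-id {group_id} "
                        f"--ip-permissions '{json.dumps([perm])}'")
    return cmds


# Constructed sample shaped like one entry of `aws ec2 describe-security-groups`.
SAMPLE_ELB_SG = {
    "GroupId": "sg-0123456789abcdef0",  # hypothetical ELB security group
    "GroupName": "elb-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"},         # the rule to get rid of
                      {"CidrIp": "203.0.113.10/32"},   # EIP of a live instance
                      {"CidrIp": "203.0.113.99/32"}],  # EIP of a terminated one
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ],
}
CURRENT_EIPS = ["203.0.113.10", "203.0.113.11"]  # what the ASG holds right now

if __name__ == "__main__":
    print("open to the world:", rules_open_to_world(SAMPLE_ELB_SG))
    for cmd in cli_commands(SAMPLE_ELB_SG["GroupId"],
                            reconcile(SAMPLE_ELB_SG, 8080, CURRENT_EIPS)):
        print(cmd)
```

Feed `reconcile` the real group document (`aws ec2 describe-security-groups --group-ids sg-...`) and the Elastic IPs currently attached to the group's instances, and it prints the exact `revoke`/`authorize` commands; running it from a lifecycle hook or a scheduled job is what turns the answer's "more or less manually" into something repeatable. A /32 per Elastic IP is still an allow based on a public address, so if the instances and the load balancer share a VPC, an internal load balancer with a source-group reference is the tighter design.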