john

Reputation: 35390

How do I use AWS security groups to whitelist only certain EC2 instances?

My understanding of AWS Security Groups is that it is essentially a whitelist.

Everything is blocked unless explicitly allowed.

Let's say hypothetically that I have some EC2 instances set up with autoscaling.

In the context of autoscaling, I won't necessarily know what those future IPs will be.

Say I have a set of EC2 instances that are used for databases like mysql or mongodb.

I want to only allow my application servers to be able to access my database servers.

Is there a way to create a tag for an EC2 instance and per the security group, allow any EC2 instance with a certain tag?

How is this usually done in the real world?

Thanks in advance

Upvotes: 12

Views: 13738

Answers (1)

john

Reputation: 35390

Looks like you can use security groups as classifiers and use the security group 'id' for the 'Source' field.

For example:

Say you had a cluster of web servers that belong to a 'web' security group (sg-12345).

Say you had a cluster of database servers that belong to a 'db' security group (sg-23456).

You can have the 'db' security group allow port 3306 to sg-12345, and as long as new instances are brought up in the 'web' security group, they'll have access to 'db' on port 3306.

Upvotes: 9
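As an added example (not part of the answer above), the rule it describes expressed in the JSON shape that `aws ec2 authorize-security-group-ingress --ip-permissions` and boto3's `authorize_security_group_ingress()` accept, plus a small audit over `describe-security-groups`-style output that flags a database port opened to a CIDR range instead of to a referenced security group. The group ids are the ones from the answer; the sample security-group records are constructed.

```python
import json

DB_PORT = 3306  # MySQL, as in the answer

def sg_reference_rule(source_sg_id: str, port: int = DB_PORT) -> dict:
    """One ingress permission whose source is a security group, not a CIDR.

    Same shape as the IpPermissions element taken by
    `aws ec2 authorize-security-group-ingress --ip-permissions` and by boto3's
    authorize_security_group_ingress(); every instance launched into
    source_sg_id matches, so autoscaled instances need no IP bookkeeping.
    """
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": source_sg_id}]}

def cli_command(db_sg_id: str, rule: dict) -> str:
    """Render the equivalent AWS CLI call for review (nothing is executed here)."""
    return (f"aws ec2 authorize-security-group-ingress --group-id {db_sg_id} "
            f"--ip-permissions '{json.dumps([rule])}'")

def _covers(rule: dict, port: int) -> bool:
    """True if the rule's port range (or 'all traffic', protocol -1) includes port."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def find_cidr_exposures(security_groups: list, port: int = DB_PORT) -> list:
    """Audit describe-security-groups style output: return (group id, cidr) pairs
    where `port` is reachable from a CIDR rather than a referenced security group."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if not _covers(rule, port):
                continue
            for r in rule.get("IpRanges", []):
                findings.append((sg["GroupId"], r["CidrIp"]))
            for r in rule.get("Ipv6Ranges", []):
                findings.append((sg["GroupId"], r["CidrIpv6"]))
    return findings

# Constructed sample: the 'db' group from the answer (sg-23456), once written the
# way the answer describes and once with the weaker CIDR-based alternative.
GOOD_DB_SG = {"GroupId": "sg-23456", "IpPermissions": [sg_reference_rule("sg-12345")]}
WEAK_DB_SG = {"GroupId": "sg-23456", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
```

Running `find_cidr_exposures` over the two records returns nothing for the group-referenced version and one finding for the CIDR version, which is the difference the answer is getting at: membership in sg-12345 follows the instance, a CIDR does not.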
