idoimaging

Reputation: 784

EC2: Allowing multiple IPs for a security group rule

In EC2-classic, I've been trying to use a security group as the source for another security group, to allow access from multiple IPs (work and home). The way I've been trying is to make a security group named 'my_ips' with one rule for each of my ip numbers (as CIDR), open for all TCP ports. Then I configure a security group say 'my_sg', each rule of which has a single port open (say 22), and its source being security group 'my_ips'. Then I allocate 'my_sg' to my EC2 instance.

What I'm trying to avoid is having to configure multiple rules in 'my_sg' for each port, each rule having the same port but different IP. I'm trying to have 'my_ips' rules filter by IP, then 'my_sg' rules filter by port number.

No luck. Clearly I am doing it wrong. Is there a way to achieve what I want?

Upvotes: 9

Views: 21149

Answers (1)

Ben Whaley

Reputation: 34416

You're mistaken about how security groups work. When you choose to allow an SG as the source in a rule for another SG, you're saying that any EC2 instance that is a member of that SG is permitted on the port you specify. It is not related to the rules of the source SG.

I understand that you're trying to specify all the addresses that should be allowed for port 22 within a single rule, but unfortunately that's not possible with security groups currently. You need to express each IP address and port as its own rule.

Upvotes: 18
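As an added example (not code from the question or the answer), this builds the per-(port, CIDR) ingress rules the answer says are required and optionally pushes them with boto3; the CIDRs, ports, group id and the `apply_permissions` helper are constructed placeholders, not values from the page.

```python
import ipaddress
import json

# Constructed sample values (TEST-NET addresses), not from the question: replace with your own.
MY_CIDRS = ["203.0.113.10/32", "198.51.100.25/32"]   # e.g. work and home
MY_PORTS = [22, 443]


def build_ingress_permissions(cidrs, ports, protocol="tcp"):
    """Return an EC2 IpPermissions list: one entry per port, each listing
    every source CIDR. EC2 stores this as one rule per (port, CIDR) pair,
    which is the cross product the answer above says cannot be avoided."""
    ranges = []
    for cidr in cidrs:
        # strict=True rejects CIDRs with host bits set, a common typo that would
        # otherwise silently widen the allowed source range
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4:
            raise ValueError(f"{cidr}: use IPv4 CIDRs here (IPv6 goes in Ipv6Ranges)")
        ranges.append({"CidrIp": str(net)})
    return [
        {"IpProtocol": protocol, "FromPort": p, "ToPort": p, "IpRanges": list(ranges)}
        for p in sorted(set(ports))
    ]


def count_rules(permissions):
    """Number of (port, CIDR) rules EC2 will actually create."""
    return sum(len(p["IpRanges"]) for p in permissions)


def apply_permissions(group_id, permissions, dry_run=True):
    """Hypothetical helper: push the rules with boto3 (needs AWS credentials).
    With DryRun=True EC2 only validates the request; a successful validation
    is reported by boto3 as a ClientError with code DryRunOperation."""
    import boto3  # imported lazily so the builder above runs without boto3
    ec2 = boto3.client("ec2")
    return ec2.authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=permissions, DryRun=dry_run)


if __name__ == "__main__":
    perms = build_ingress_permissions(MY_CIDRS, MY_PORTS)
    print(json.dumps(perms, indent=2))
    print("rules created:", count_rules(perms))  # 2 ports x 2 CIDRs = 4
    # apply_permissions("sg-PLACEHOLDER", perms)  # placeholder group id
```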
