Fran

Reputation: 4182

AWS Security Group - Set of ports for a set of IPs

I want to open a set of ports which isn't a range, let's say 5000, 5100, 5200, 5300, 5400, etc., for a set of IPs which are different, for example 111.111.111.111/32, 222.222.222.222/32, etc.

From the security group interface it looks like I'll have to add custom inbound rules like:

Is there a way to group any of these? So either:

If not, the issue is that I can't add an infinite number of inbound rules. So what's the solution?

Upvotes: 0

Views: 91

Answers (1)

anoop-khandelwal

Reputation: 3860

You can do that by creating a security group for each port (5000, 5100, etc.), say security-group-port-5000, security-group-port-5100, and adding the rules accordingly to that security group, e.g.:

 security-group-port-5000 - inbound rules 5000 - 111.111.111.111/32, 222.222.222.222/32

 security-group-port-5100 - inbound rules 5100 - 111.111.111.111/32, 222.222.222.222/32

You can also do that using boto3.

Also, since you can add only a limited number of inbound rules, I would recommend using IpMasking wherever possible.

AWS also allows you to add one security group into another security group. Read here

Upvotes: 1
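The per-port layout suggested in the answer, scripted with boto3, as an added example that is not part of the original answer. The names `collapse`, `plan`, `apply_plan` and `RULE_QUOTA` are hypothetical, the quota of 60 inbound rules per group is an assumed default, and only IPv4 CIDRs are handled.

```python
import ipaddress

RULE_QUOTA = 60  # assumed default inbound-rule quota per group; check Service Quotas


def collapse(cidrs):
    """Merge adjacent or overlapping IPv4 CIDRs without admitting extra addresses."""
    # IPv4Network is strict: a CIDR with host bits set (10.0.0.1/24) is rejected.
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def plan(ports, cidrs, prefix="security-group-port-"):
    """Return {group_name: IpPermissions}, one security group per port."""
    ranges = [{"CidrIp": c} for c in collapse(cidrs)]
    if len(ranges) > RULE_QUOTA:  # each CIDR in a group counts as one rule
        raise ValueError(f"{len(ranges)} CIDRs exceed the assumed quota of {RULE_QUOTA}")
    return {
        f"{prefix}{port}": [{
            "IpProtocol": "tcp",
            "FromPort": port,
            "ToPort": port,
            "IpRanges": list(ranges),
        }]
        for port in sorted(set(ports))
    }


def apply_plan(groups, vpc_id):
    """Create the groups and their inbound rules. Needs boto3 and AWS credentials."""
    import boto3  # imported here so plan() can be reviewed offline
    ec2 = boto3.client("ec2")
    ids = {}
    for name, perms in groups.items():
        gid = ec2.create_security_group(
            GroupName=name, Description=f"inbound {name}", VpcId=vpc_id)["GroupId"]
        ec2.authorize_security_group_ingress(GroupId=gid, IpPermissions=perms)
        ids[name] = gid
    return ids


# Constructed sample input: the question's ports and addresses, plus two
# adjacent /25 networks that collapse into a single /24 rule.
PORTS = [5000, 5100, 5200, 5300, 5400]
CIDRS = ["111.111.111.111/32", "222.222.222.222/32",
         "198.51.100.0/25", "198.51.100.128/25"]

if __name__ == "__main__":
    for name, perms in plan(PORTS, CIDRS).items():
        print(name, [r["CidrIp"] for r in perms[0]["IpRanges"]])
```

Review the output of `plan()` before calling `apply_plan()`. The number of security groups that can be attached to one network interface is also quota-limited, so check that quota as well as the per-group rule quota.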
