ANKIT HALDAR

Reputation: 1375

Give EC2 access to an ELB Elastic Beanstalk system

I have a database server on an EC2 instance, and I want it to be accessible by an Elastic Load Balancer cluster.

I tried adding the subnet of the Load Balancer to the security groups of the database EC2.

There must be some way to give the whole cluster of EC2 instances created by ELB and autoscaling access to a single EC2.

Upvotes: 0

Views: 91

Answers (1)

John Rotenstein

Reputation: 270114

Your question isn't too clear, but it appears your scenario is:

Internet -> ELB -> EC2 fleet -> Database (on EC2 instance)

  • You have a database running on a single EC2 instance
  • You have multiple EC2 instances running an application that connect to the database
  • You have an Elastic Load Balancer that accepts traffic from the Internet and distributes it to the EC2 instances running the application

You should configure the following Security Groups:

  • ELB-SG: Configure this security group to allow incoming web traffic from the Internet (0.0.0.0/0). Associate the security group to the Load Balancer.
  • App-SG: Configure this security group to allow incoming web traffic from ELB-SG. Associate the security group with every instance in the application fleet. If the EC2 instances are launched via Auto Scaling, then associate the security group with the Launch Configuration.
  • DB-SG: Configure this security group to allow incoming traffic from App-SG. Associate the security group to the EC2 instance running the database.

When I say "allow incoming traffic from xxx-SG", I mean that you should enter the name of the incoming security group in the Source field when configuring the security group. This will automatically insert the unique name of the security group (sg-xxxx). It means that any resource associated with the referenced security group will be allowed incoming access on the nominated port.

You should avoid using an IP address or CIDR range in a security group, because they can change (e.g., if you launch another EC2 instance). By referencing a security group by name, it will automatically update as instances are added/removed.

Upvotes: 2
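
An added example, not part of the original answer: a small audit that checks the ELB-SG -> App-SG -> DB-SG chain described above against data shaped like `aws ec2 describe-security-groups` output, flagging internal tiers that admit a CIDR range instead of the expected security group. The group IDs, ports (3306 for the database is an assumption), the CIDR and the `audit_chain` helper are constructed for illustration.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs, ports and the CIDR are invented for illustration.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "GroupName": "ELB-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbb0000000000002", "GroupName": "App-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa0000000000001"}]}]},
    # DB-SG carries the correct App-SG reference plus a leftover subnet CIDR rule.
    {"GroupId": "sg-0ccc0000000000003", "GroupName": "DB-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}],
         "UserIdGroupPairs": [{"GroupId": "sg-0bbb0000000000002"}]}]},
]

# Internal tier -> the only security group that should appear as its source.
# ELB-SG is Internet-facing, so it is not checked here.
EXPECTED_SOURCE = {"App-SG": "ELB-SG", "DB-SG": "App-SG"}


def audit_chain(groups, expected=EXPECTED_SOURCE):
    """Return findings for internal tiers whose ingress deviates from the chain."""
    ids = {g["GroupName"]: g["GroupId"] for g in groups}
    findings = []
    for g in groups:
        name = g["GroupName"]
        if name not in expected:
            continue
        want = expected[name]
        referenced = False
        for perm in g.get("IpPermissions", []):
            port = perm.get("FromPort", "all")  # absent when IpProtocol is "-1"
            for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = r.get("CidrIp") or r.get("CidrIpv6")
                findings.append(f"{name}: port {port} open to CIDR {cidr}; use {want} as source")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") == ids.get(want):
                    referenced = True
                else:
                    findings.append(f"{name}: port {port} open to unexpected group {pair.get('GroupId')}")
        if not referenced:
            findings.append(f"{name}: no ingress rule references {want}")
    return findings


if __name__ == "__main__":
    for line in audit_chain(SAMPLE_GROUPS):
        print(line)
```

To run it against a real account, load the `SecurityGroups` list from the CLI's JSON output in place of `SAMPLE_GROUPS` and adjust `EXPECTED_SOURCE` to your own group names.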
