heisenberg

Reputation: 169

How to restrict EC2 access to intranet


We have hosted an EC2 instance on the AWS cloud and we are trying to restrict access to only the IP address of our private intranet. But the IP keeps changing. We wanted to know if there is any parameter of our intranet which is constant that can be configured in AWS security groups.
Any suggestions will be really helpful.

Upvotes: 1

Views: 2831

Answers (3)

3m3x

Reputation: 76

The only parameters within AWS Security Groups available to you for white-listing an incoming connection (which is what you're trying to do) are:

  • type/protocol (e.g. TCP)
  • port range (e.g. ports 22-25)
  • source
    • network subnet range
    • an IP address
    • another Security Group

The parameter most applicable to your situation - because it's the most restrictive - is the IP address and unfortunately this value keeps changing, implying that the IP address of your intranet's Internet router is a dynamic IP address.

Short of any scripting sorcery involving dynamically updating an SG with your ever-changing IP address, the simplest solution would be to contact your intranet's ISP and request a static IP address.

Any other solutions would be much more technically involved and kind of out of scope for the question.

Best of luck!

Upvotes: 0
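
The scripted approach mentioned in the answer above, sketched as an added example that is not part of the original answer: it compares a security group's ingress rules with the intranet's current public IP and works out what to revoke and what to authorize. The `intranet-dynamic` description tag, port 22 and the sample addresses are assumptions; `apply_update` expects a boto3 EC2 client.

```python
import ipaddress

TAG = "intranet-dynamic"  # hypothetical marker kept in the rule description

def plan_update(ip_permissions, current_ip, port=22, protocol="tcp"):
    """Return (revoke, authorize) IpPermissions lists for the managed rule.

    ip_permissions is the "IpPermissions" list from describe_security_groups.
    """
    ip = ipaddress.ip_address(current_ip)  # ValueError on malformed input
    if ip.version != 4 or ip.is_unspecified:
        raise ValueError("expected one IPv4 address")
    wanted = f"{ip}/32"

    def perm(ip_range):
        return {"IpProtocol": protocol, "FromPort": port, "ToPort": port,
                "IpRanges": [ip_range]}

    revoke, present = [], False
    for p in ip_permissions:
        key = (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort"))
        if key != (protocol, port, port):
            continue
        for r in p.get("IpRanges", []):
            if r.get("Description") != TAG:
                continue  # not managed by this script: leave it alone
            if r["CidrIp"] == wanted:
                present = True
            else:
                revoke.append(perm({"CidrIp": r["CidrIp"]}))  # stale address
    authorize = [] if present else [perm({"CidrIp": wanted, "Description": TAG})]
    return revoke, authorize

def apply_update(ec2, group_id, revoke, authorize):
    """ec2 is assumed to be a boto3 EC2 client (boto3.client("ec2"))."""
    if authorize:  # add the new address first so access is not interrupted
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=authorize)
    if revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=revoke)

# Constructed sample in the shape describe_security_groups returns.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.7/32", "Description": TAG},
                  {"CidrIp": "192.0.2.0/24", "Description": "office VPN"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
```

Revoking the stale /32 matters as much as adding the new one: once the ISP reassigns the old address, the rule would admit whoever holds it next.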

Amith Jayasekara

Reputation: 441

Assuming your private intranet is another subnet, you can disable access from the internet by removing any route which points to an internet gateway.

Upvotes: 0

Jitrenka

Reputation: 305

Why does your intranet IP keep changing? Set it to a static one.

Other than that, you have to update it in the AWS security group each time.

Upvotes: 1
