Bobert

Reputation: 612

AWS networking / security group ingress question

I'm having trouble finding an answer to a pretty general aws network question.

I'm making a call from serviceA (in accountA) to serviceB (in accountB). This is via an AWS transit gateway, through an internal application load balancer in front of serviceB. The DNS resolution and connectivity are there, but I had to update some security group ingress rules to get it working.

What I did:
On serviceB's load balancer, I added ingress rules to the security group to allow IPs from accountA's VPC.

What I did NOT do:
Any changes to serviceB's security group. Those ingress rules ONLY allow IPs from accountB.

Why do the serviceB ingress rules not prevent this call?

I think the AWS docs mentioned that with multiple security groups, the most permissive rule wins. But I think that's at each level? (Like if the LB had a bunch of security groups.) Is serviceB not getting the original IPs from accountA? Like maybe it's just seeing the LB's IP?

Upvotes: 1

Views: 281

Answers (1)

Paolo

Reputation: 26074

Like maybe it's just seeing the LB's IP?

That's exactly it. Every resource behind the ALB will only see the load balancer's private IP.

From this knowledge article:

Application Load Balancers use the private IP addresses associated with their elastic network interfaces as the source IP address for requests forwarded to your web servers.

Upvotes: 2
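To make the two-hop evaluation concrete, here is an added illustration (not code from the question, the answer, or AWS) that models how ingress rules are checked at each network interface along the path client -> ALB -> backend. It assumes constructed CIDRs and placeholder security group IDs, and it models the behaviour the answer describes: the backend only ever sees the ALB's private IP, so a CIDR rule for the ALB's own VPC is what lets the forwarded request through. It also shows the tighter alternative a defender usually wants, a backend rule that references the ALB's security group instead of a CIDR, so that a host in the same VPC cannot bypass the load balancer.

```python
"""Model of AWS security-group ingress along client -> ALB -> backend.
Added illustration only; CIDRs, IPs and group IDs are constructed placeholders."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    port: int
    cidr: Optional[str] = None        # allow from addresses in this CIDR ...
    source_sg: Optional[str] = None   # ... or from interfaces carrying this group


@dataclass
class SecurityGroup:
    sg_id: str
    rules: List[Rule] = field(default_factory=list)


@dataclass
class Eni:
    """A network interface: its private IP and the groups attached to it."""
    ip: str
    sgs: List[SecurityGroup]


def ingress_allowed(dst: Eni, src_ip: str, src_sgs: Set[str], port: int) -> bool:
    """Rules of every group on the destination interface are unioned: if any
    rule matches, the packet is allowed (security groups only allow, never deny)."""
    addr = ipaddress.ip_address(src_ip)
    for sg in dst.sgs:
        for r in sg.rules:
            if r.port != port:
                continue
            if r.cidr is not None and addr in ipaddress.ip_network(r.cidr):
                return True
            if r.source_sg is not None and r.source_sg in src_sgs:
                return True
    return False


# Constructed topology (placeholders, not real account data)
ACCOUNT_A_VPC = "10.1.0.0/16"   # serviceA lives here, reached via the transit gateway
ACCOUNT_B_VPC = "10.2.0.0/16"   # ALB and serviceB live here

# ALB security group: the rule the question describes, allowing accountA's VPC
alb_sg = SecurityGroup("sg-alb-placeholder", [Rule(443, cidr=ACCOUNT_A_VPC)])
alb_eni = Eni("10.2.10.5", [alb_sg])   # the ALB's private IP in accountB


def backend_sg_as_in_question() -> SecurityGroup:
    """serviceB's group as described: only accountB addresses allowed."""
    return SecurityGroup("sg-svcb-placeholder", [Rule(8080, cidr=ACCOUNT_B_VPC)])


def backend_sg_hardened() -> SecurityGroup:
    """Tighter alternative: allow only traffic from interfaces carrying the ALB's group."""
    return SecurityGroup("sg-svcb-placeholder", [Rule(8080, source_sg=alb_sg.sg_id)])


def trace_via_alb(client_ip: str, backend_sg: SecurityGroup) -> Tuple[bool, bool]:
    """Return (hop1, hop2): client -> ALB, then ALB -> backend.
    Hop 2 is evaluated with the ALB's private IP as the source, which is all
    the backend ever sees; the client's address is not carried at layer 3."""
    backend_eni = Eni("10.2.20.9", [backend_sg])
    hop1 = ingress_allowed(alb_eni, client_ip, set(), 443)
    if not hop1:
        return (False, False)
    hop2 = ingress_allowed(backend_eni, alb_eni.ip, {alb_sg.sg_id}, 8080)
    return (hop1, hop2)


def direct_to_backend(client_ip: str, backend_sg: SecurityGroup,
                      client_sgs: Set[str] = frozenset()) -> bool:
    """A host reaching serviceB without going through the ALB."""
    backend_eni = Eni("10.2.20.9", [backend_sg])
    return ingress_allowed(backend_eni, client_ip, set(client_sgs), 8080)


if __name__ == "__main__":
    print("via ALB, question's SG :", trace_via_alb("10.1.3.4", backend_sg_as_in_question()))
    print("via ALB, hardened SG   :", trace_via_alb("10.1.3.4", backend_sg_hardened()))
    print("direct, question's SG  :", direct_to_backend("10.2.30.7", backend_sg_as_in_question()))
    print("direct, hardened SG    :", direct_to_backend("10.2.30.7", backend_sg_hardened()))
```

The first trace reproduces the situation in the question: the ALB rule admits the accountA client, and the backend rule admits the forwarded request because the source it sees (10.2.10.5) falls inside accountB's CIDR. The last two calls show why the CIDR rule is broader than intended: any accountB host can reach serviceB directly, whereas the group-referencing rule admits only traffic arriving from the ALB's interfaces.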
