Restrict EC2 security group to Elastic Beanstalk instances

Question

I have my MongoDB deployed in an EC2 instance, nice and steady. I will (hopefully) have my Elastic Beanstalk load-balanced Web App launched soon using Docker. However, I fee

Answer 1

When you create your Elastic Beanstalk application, you will choose a security group to assign to it's EC2 instances.

For your MongoDB security group, allow traffic on port 27017 for the EB EC2's security group. If done this way, then only EC2 instances using that security group can access the MongoDB instance.

Note, when accessing your MongoDB instance from your EB app's EC2 instance, makes sure you use the private IP address of the MongoDB instance, and not the public IP address. If you use the public IP address, then AWS doesn't recognize the connection as originating from the EB security group and will deny the connection.