AWS Security group include another Security Group

Submitted by 痞子三分冷 on 2019-12-21 16:33:08

Question


From the doc: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules

Source or destination: The source (inbound rules) or destination (outbound rules) for the traffic. Specify one of these options:

(...)

Another security group. This allows instances associated with the specified security group to access instances associated with this security group. This does not add rules from the source security group to this security group. You can specify one of the following security groups:

The current security group.

Has someone tried it?

I created 2 boxes, BoxA and BoxB. I created a security group GroupA with an inbound rule from source GroupA on "All ports". If I try from BoxA to telnet to BoxB on port 9000, with BoxB running a SimpleHTTPServer on port 9000, I get nothing.

What could I do wrong?


Answer 1:


I found my answer: Can't communicate between two ec2 instances in the same security group via public ip address?

Need to use private IP or whitelist the public IPs. I wish it was described in the documentation.




Answer 2:


I was confused about what it exactly means to add another security group in Source (Inbound Rules) and Destination (Outbound Rules) when adding a new rule. I found the explanation given below (source: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRule) very useful.

"When you specify a security group as the source for a rule, traffic is allowed from the elastic network interfaces (ENI) for the instances associated with the source security group for the specified protocol and port. Adding a security group as a source does not add rules from the source security group."
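The two answers above describe the same mechanism from two sides: a rule whose source is a security group matches traffic arriving from the ENIs (private addresses) of instances in that group, so a connection made to the other instance's public IP, which leaves the VPC through the internet gateway and comes back with the sender's public IP as its source, never matches the self-referencing rule. The following is an added example, not code from the question, the answers or AWS; it is a small offline model of inbound security group evaluation (hypothetical instance names, group id `sg-groupa` and RFC 5737 documentation addresses are all constructed) that reproduces the asker's setup and both fixes from Answer 1. It simplifies reality (one private IP per ENI, no stateful return-traffic handling) and is meant only to make the matching rule visible.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Instance:
    name: str
    private_ip: str      # address of the instance's ENI inside the VPC
    public_ip: str       # address the internet gateway NATs it to
    groups: frozenset    # security group ids attached to the ENI


@dataclass
class Rule:
    protocol: str        # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    source_sg: Optional[str] = None    # rule source is another (or the same) group
    source_cidr: Optional[str] = None  # rule source is a CIDR block


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)


def _port_matches(rule: Rule, protocol: str, port: int) -> bool:
    if rule.protocol == "-1":          # "All traffic" ignores protocol and port
        return True
    if rule.protocol != protocol:
        return False
    return rule.from_port <= port <= rule.to_port


def source_address(src: Instance, via_public: bool) -> str:
    # Connecting to a public IP sends the packet out through the internet gateway,
    # which 1:1-NATs the source to the sender's public IP. Connecting to a private
    # IP stays inside the VPC, so the destination ENI sees the private address.
    return src.public_ip if via_public else src.private_ip


def inbound_allowed(fleet, groups, src, dst, protocol, port, via_public) -> bool:
    """Return True if any inbound rule on dst's groups admits the connection."""
    seen_src = ip_address(source_address(src, via_public))

    # A security-group source matches the private (ENI) addresses of every
    # instance that currently has that group attached; it copies no rules.
    private_ips_by_sg = {}
    for inst in fleet:
        for sg in inst.groups:
            private_ips_by_sg.setdefault(sg, set()).add(ip_address(inst.private_ip))

    for sg_id in dst.groups:
        for rule in groups[sg_id].inbound:
            if not _port_matches(rule, protocol, port):
                continue
            if rule.source_sg is not None and seen_src in private_ips_by_sg.get(rule.source_sg, set()):
                return True
            if rule.source_cidr is not None and seen_src in ip_network(rule.source_cidr):
                return True
    return False  # security groups are default-deny for inbound traffic


def scenario() -> dict:
    """The asker's setup: GroupA allows all traffic from GroupA; BoxA talks to BoxB:9000."""
    box_a = Instance("BoxA", "10.0.1.10", "203.0.113.10", frozenset({"sg-groupa"}))
    box_b = Instance("BoxB", "10.0.1.11", "203.0.113.11", frozenset({"sg-groupa"}))
    group_a = SecurityGroup("sg-groupa", [Rule("-1", 0, 65535, source_sg="sg-groupa")])
    fleet = [box_a, box_b]
    groups = {"sg-groupa": group_a}

    results = {
        # Fix 1 from Answer 1: use the private IP, so the ENI address is what arrives
        "private_ip": inbound_allowed(fleet, groups, box_a, box_b, "tcp", 9000, via_public=False),
        # What the asker did: the public IP arrives, which the group reference never matches
        "public_ip": inbound_allowed(fleet, groups, box_a, box_b, "tcp", 9000, via_public=True),
    }
    # Fix 2 from Answer 1: allow-list the sender's public IP explicitly as a CIDR source
    group_a.inbound.append(Rule("tcp", 9000, 9000, source_cidr=f"{box_a.public_ip}/32"))
    results["public_ip_after_allowlist"] = inbound_allowed(
        fleet, groups, box_a, box_b, "tcp", 9000, via_public=True
    )
    return results


if __name__ == "__main__":
    for case, allowed in scenario().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```

Running it prints `private_ip: allowed`, `public_ip: blocked`, `public_ip_after_allowlist: allowed`. Of the two fixes, the private-IP path is the one to prefer: a `/32` public-IP allow-list has to be maintained by hand and silently breaks when the instance's public address changes, while a group reference follows membership automatically.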



Source: https://stackoverflow.com/questions/45416882/aws-security-group-include-another-security-group
