
AWS EC2: Security group name present in inbound rule's source

I'm investigating the security settings of an EC2 instance, and taking a look at the security group settings. In one of the inbound rules' source, instead of a source IP address, it has its own security group's ID and group name.

What does this mean?

In AWS, Security Groups are applied to each resource individually.

So, let's say you had:

  • A security group (App-SG) permitting inbound HTTP access on port 80
  • Two Amazon EC2 instances in a public subnet associated with App-SG

Even though both EC2 instances have the same security group, they are not able to SSH with each other. Some people sometimes say that the instances would be "in" the same security group (which gives the impression that they can communicate with each other), but it is more appropriate to say that the instances are associated with the same security group.

The thing to remember is that security group rules are applied to each instance individually.

So, if you wanted to permit both instances to SSH to each other, you could add an inbound rule to the security group:

  • Protocol: SSH (Port 22)
  • Source: App-SG

This says: "Allow any resource associated with this security group to receive traffic from any other resource associated with this security group on port 22".

You might say that security group can "communicate with itself", but the reality is that the same rules are applied separately on each resource.
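Added example, not part of the original answer: a small Python model of how an inbound rule whose source is a security group is evaluated. The group ids, instance names, private IPs and the extra Bastion-SG are constructed for the illustration; the App-SG scenario is the one from the answer.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    """One inbound allow rule: a TCP port plus either a CIDR or a source SG id."""
    port: int
    cidr: str | None = None
    source_sg: str | None = None

@dataclass
class SecurityGroup:
    sg_id: str
    inbound: list[Rule] = field(default_factory=list)

@dataclass
class Instance:
    name: str
    private_ip: str
    sgs: set[str]  # ids of the security groups this instance is associated with

def inbound_allowed(src: Instance, dst: Instance, port: int,
                    groups: dict[str, SecurityGroup]) -> bool:
    """Evaluate only dst's inbound rules against traffic arriving from src.

    Rules are applied per instance. A rule whose source is a security group
    matches traffic from any instance *associated with* that group; the group
    itself never sends or receives anything. Only allow rules exist (stateful).
    """
    for sg_id in dst.sgs:
        for rule in groups[sg_id].inbound:
            if rule.port != port:
                continue
            if rule.cidr and ipaddress.ip_address(src.private_ip) in ipaddress.ip_network(rule.cidr):
                return True
            if rule.source_sg and rule.source_sg in src.sgs:
                return True
    return False

def scenario() -> dict[str, bool]:
    """Constructed sample: App-SG with HTTP open, two web instances, one bastion."""
    app_sg = SecurityGroup("sg-app", [Rule(80, cidr="0.0.0.0/0")])
    groups = {"sg-app": app_sg, "sg-bastion": SecurityGroup("sg-bastion")}
    web1 = Instance("web-1", "10.0.1.10", {"sg-app"})
    web2 = Instance("web-2", "10.0.1.11", {"sg-app"})
    bastion = Instance("bastion", "10.0.0.5", {"sg-bastion"})
    results = {"ssh_before": inbound_allowed(web1, web2, 22, groups)}  # False
    # The fix from the answer: Protocol SSH (22), Source App-SG (a self-reference).
    app_sg.inbound.append(Rule(22, source_sg="sg-app"))
    results["ssh_after"] = inbound_allowed(web1, web2, 22, groups)          # True
    results["bastion_ssh_after"] = inbound_allowed(bastion, web2, 22, groups)  # False
    results["http_from_anywhere"] = inbound_allowed(bastion, web1, 80, groups)  # True
    return results
```

The bastion case shows why the self-reference is narrower than a CIDR: an instance with the right private IP range but a different group is still denied on port 22.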
