Is it necessary to allow access between different security groups in VPC on AWS?
Question
As the picture below, an EC2 and an ECS services are running on different su.net, target group and security groups. But they are in the same VPC.
I want to allow access the ECS service through EC2's Nginx server from public inte.net.
EC2 is allowing 80 and 443 now. And the ECS' security group is allowing 80 only. The Nginx's config is
/etc/nginx/sites-enabled/nginx.conf
server {
listen 80 default_server;
server_name _;
proxy_pass {{ internal_ecs_elb_endpoint }};
proxy_read_timeout 60s;
proxy_redirect {{ internal_ecs_elb_endpoint }} myproxy.mydomain.com;
return 301 https://$host$request_uri;
}
Does the security group2 in ECS service need to allow security group1's tcp 80/443 port? As they are in the different groups.
1 answers
solution1
2 ACCPTED 2021-10-06 09:50:56
Does the security group2 in ECS service need to allow security group1's tcp 80/443 port?
Yes. To follow good practice you would create inbound tcp rule for port 80 in SG2 with source of SG1.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.