I have two Elastic Beanstalk applications "a" and "b". Anyone should be able to talk to (a) over http, but only (a) should be able to talk to (b). I.e.
internet -> a -> b
Right now, everything works if both apps are fully open to the internet. But as soon as I try to restrict the security group for (b)'s ELB, (a) can't seem to connect anymore.
I.e. if I allow (b)'s load balancer security group to allow http:0.0.0.0/0, everything works. But if I set that same security group to allow only http:[(a)'s security group], (a) can no longer communicate with (b).
Both apps are in the same VPC. What am I missing?
This is because your second environment has an external load balancer. That means the traffic from environment A to environment B will exit the VPC and come back in, at which point the association with environment A's security group is lost.
You need to convert environment B to use an internal load balancer. The Elastic Beanstalk setting for that is:
Namespace: aws:ec2:vpc
Name: ELBScheme
Value: internal
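As an added example (not part of the original answer), the setting above can be written as an `.ebextensions` config file in environment B's source bundle, next to the security-group-to-security-group rule the question describes. The file name, the logical resource name and both security group IDs are placeholders to replace with your own values.

```yaml
# .ebextensions/internal-elb.config  (hypothetical file name, deployed with environment B)

option_settings:
  aws:ec2:vpc:
    # Internal scheme: the load balancer gets private addresses only, so
    # requests from environment A stay inside the VPC and still carry
    # A's security group identity when they reach B's load balancer.
    ELBScheme: internal

Resources:
  # Hypothetical logical name. Allows HTTP to B's load balancer only from
  # members of A's instance security group, instead of 0.0.0.0/0.
  AllowHttpFromEnvA:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: sg-PLACEHOLDER-B-ELB               # B's load balancer security group
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      SourceSecurityGroupId: sg-PLACEHOLDER-A-EC2 # A's instance security group
```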