Can instances in the same security group in Amazon VPC communicate with each other anyhow?
Instances in the same subnet can't communicate by default. The second twist to the AWS Security Groups is that you can open ports in one security group using a second security group as the source address.
Based on your "EC2 Scenario" image, you can add your "application server" and "backend server" under their respective load balancers, and they can communicate with each other using the LB name/endpoint URL. This would ensure that even if the underlying EC2 instance is shut down or re-instanced, the communication won't break.
To connect using the Amazon EC2 console, the instance must have a public IPv4 address. If the instance does not have a public IP address, you can connect to the instance over a private network using an SSH client or the EC2 Instance Connect CLI.
Amazon EC2 uses this set of rules to determine whether to allow access. You can assign multiple security groups to an instance. Therefore, an instance can have hundreds of rules that apply.
Rules to connect to instances from an instance with the same security group
To allow instances that are associated with the same security group to communicate with each other, you must explicitly add rules for this.
The following table describes the inbound rule for a security group that enables associated instances to communicate with each other. The rule allows all types of traffic.
| Protocol type | Protocol number | Ports | Source IP |
|---|---|---|---|
| -1 (All) | -1 (All) | -1 (All) | The ID of the security group |
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
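As an added illustration of the rule in the table above (example code, not from the answer or from AWS): an offline check over security groups in the JSON shape that `aws ec2 describe-security-groups` returns (`IpPermissions`, `UserIdGroupPairs`, `IpRanges`). The group IDs and rules are constructed sample data; only inbound rules are modelled, not the sender's outbound rules or network ACLs.

```python
import ipaddress

ALL = "-1"  # AWS wildcard: all protocols, and (for ports) all ports / all ICMP types

# Constructed sample groups in describe-security-groups shape (IDs are made up).
SG_APP = {  # opens 443 from a VPC CIDR only; members cannot reach each other on 22
    "GroupId": "sg-0a1b2c3d4e5f60001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    ],
}
SG_SELF = {  # the self-referencing "all traffic" rule from the table above
    "GroupId": "sg-0a1b2c3d4e5f60002",
    "IpPermissions": [
        {"IpProtocol": ALL, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60002"}]},
    ],
}


def permission_allows(perm, src_group_ids, src_ip, protocol, port):
    """One IpPermissions entry. `port` is the TCP/UDP port or the ICMP type."""
    proto = perm["IpProtocol"]
    if proto != ALL:
        if proto != protocol:
            return False
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        if lo != -1 and not lo <= port <= hi:  # -1 means any port / any ICMP type
            return False
    # Source is matched either by the sender's security group or by its IP.
    if any(p["GroupId"] in src_group_ids for p in perm.get("UserIdGroupPairs", [])):
        return True
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", []))


def inbound_allowed(dst_sg, src_group_ids, src_ip, protocol, port):
    """Security groups are allow-lists: any matching inbound rule admits the traffic."""
    return any(permission_allows(p, set(src_group_ids), src_ip, protocol, port)
               for p in dst_sg["IpPermissions"])


def self_referencing_rules(sg):
    """Audit helper: the rules that let members of this group talk to each other."""
    return [p for p in sg["IpPermissions"]
            if any(g["GroupId"] == sg["GroupId"] for g in p.get("UserIdGroupPairs", []))]
```

Running `inbound_allowed(SG_APP, [SG_APP["GroupId"]], "10.0.1.5", "tcp", 22)` returns False even though sender and receiver share the group, while the same call against `SG_SELF` returns True.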
Instances associated with the same security group can't talk to each other unless you add rules allowing it (with the exception being the default security group). You have to add rules to make them able to communicate.
It depends on the rules. The fact that two or more instances are associated with the same security group is not related to the allowed traffic.
A security group is a set of allowed-traffic rules, while the reference point is the instances themselves (meaning incoming traffic into the instance or outgoing traffic from the instance). Whether instances have access to each other depends on the security groups' rules and the network ACLs' rules.
The communication will not be blocked as long as there are rules that allow it. The communication can be RDP, ICMP, HTTP/S and more, but it must be allowed in both security groups and NACLs.
A note to remember: by default, AWS blocks ICMP communication (ping); therefore, although the security group may have an "All Traffic" allow rule, a ping request will fail if there is no specific rule that allows it.