EC2: Allowing multiple IPs for a security group rule

In EC2-classic, I've been trying to use a security group as the source for another security group, to allow access from multiple IPs (work and home). The way I've been trying is to make a security group named 'my_ips' with one rule for each of my ip numbers (as CIDR), open for all TCP ports. Then I configure a security group say 'my_sg', each rule of which has a single port open (say 22), and its source being security group 'my_ips'. Then I allocate 'my_sg' to my EC2 instance.

What I'm trying to avoid is having to configure multiple rules in 'my_sg' for each port, each rule having the same port but different IP. I'm trying to have 'my_ips' rules filter by IP, then 'my_sg' rules filter by port number.

No luck. Clearly I am doing it wrong. Is there a way to achieve what I want?

asked Jul 18 '15 22:07 by idoimaging


1 Answer

You're mistaken about how security groups work. When you choose to allow an SG as the source in a rule for another SG, you're saying that any EC2 instance that is a member of that SG is permitted on the port you specify. It is not related to the rules of the source SG.

I understand that you're trying to specify all the addresses that should be allowed for port 22 within a single rule, but unfortunately that's not possible with security groups currently. You need to express each IP address and port as its own rule.

answered Oct 17 '22 06:10 by Ben Whaley
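The two points in the answer, that a source-SG rule matches on instance membership rather than on the referenced group's rules, and that address and port must be expanded into one rule per pair, are shown below in an added example that is not part of the original question or answer. It contains a small model of ingress evaluation plus a helper that expands a list of CIDRs and ports into the `IpPermissions` shape boto3's `authorize_security_group_ingress` accepts. The addresses (TEST-NET ranges), the ports and the group id `sg-PLACEHOLDER-my-ips` are constructed placeholders, and the evaluator is a simplified model, not the EC2 implementation.

```python
import ipaddress
from itertools import product

# Constructed sample values: TEST-NET addresses standing in for a work and a
# home address, and a placeholder group id. None of these come from the post.
WORK_HOME_CIDRS = ["203.0.113.10/32", "198.51.100.0/24"]
WANTED_PORTS = [22, 443]
MY_IPS_GROUP_ID = "sg-PLACEHOLDER-my-ips"


def build_ingress_rules(cidrs, ports, protocol="tcp"):
    """Expand CIDR x port into the one-rule-per-pair list a security group needs.

    The output is in the IpPermissions shape accepted by
    ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=...).
    """
    rules = []
    for port, cidr in product(ports, cidrs):
        ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
        rules.append({
            "IpProtocol": protocol,
            "FromPort": port,
            "ToPort": port,
            "IpRanges": [{
                "CidrIp": cidr,
                "Description": f"allow {port}/{protocol} from {cidr}",
            }],
        })
    return rules


def ingress_allowed(rules, src_ip, port, src_instance_groups=(), protocol="tcp"):
    """Simplified model of how a security group's ingress rules are evaluated.

    A CIDR rule matches on the packet's source address. A source-SG rule
    (UserIdGroupPairs) matches only when the sending instance is itself a
    member of that group; the referenced group's own rules are never read.
    Security groups are allow-only, so no match means the packet is dropped.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["IpProtocol"] != protocol:
            continue
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        for ip_range in rule.get("IpRanges", []):
            if addr in ipaddress.ip_network(ip_range["CidrIp"]):
                return True
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] in src_instance_groups:
                return True
    return False


# What the question tried: 'my_sg' opens port 22 with 'my_ips' as the source.
MY_SG_VIA_GROUP = [{
    "IpProtocol": "tcp",
    "FromPort": 22,
    "ToPort": 22,
    "UserIdGroupPairs": [{"GroupId": MY_IPS_GROUP_ID}],
}]

# What the answer says is required: one explicit CIDR rule per (port, address).
MY_SG_EXPANDED = build_ingress_rules(WORK_HOME_CIDRS, WANTED_PORTS)


if __name__ == "__main__":
    home = "198.51.100.7"
    # A laptop at home is not an EC2 instance in 'my_ips', so the SG-source
    # rule never matches it, whatever 'my_ips' itself allows.
    print("via group, from home:", ingress_allowed(MY_SG_VIA_GROUP, home, 22))
    # The expanded rule set matches on the address directly.
    print("expanded, from home:", ingress_allowed(MY_SG_EXPANDED, home, 22))
    print("expanded, port 80:", ingress_allowed(MY_SG_EXPANDED, home, 80))
    for rule in MY_SG_EXPANDED:
        print(rule["FromPort"], rule["IpRanges"][0]["CidrIp"])
```

The expanded list is what you would pass, in one `authorize_security_group_ingress` call, for the 'my_sg' group; two addresses and two ports already produce four rules, which is the growth the question was hoping to avoid.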