In EC2-classic, I've been trying to use a security group as the source for another security group, to allow access from multiple IPs (work and home). The way I've been trying is to make a security group named 'my_ips' with one rule for each of my IP numbers (as CIDR), open for all TCP ports. Then I configure a security group, say 'my_sg', each rule of which has a single port open (say 22), and its source being security group 'my_ips'. Then I allocate 'my_sg' to my EC2 instance.
What I'm trying to avoid is having to configure multiple rules in 'my_sg' for each port, each rule having the same port but different IP. I'm trying to have 'my_ips' rules filter by IP, then 'my_sg' rules filter by port number.
No luck. Clearly I am doing it wrong. Is there a way to achieve what I want?
Classic EC2 instances can only have a single Elastic IP address associated with them. To get multiple IP addresses, you must use VPC and set up multiple network interfaces on your instance.
All AWS accounts are limited to five Elastic IP addresses per Region.
Amazon EC2 uses this set of rules to determine whether to allow access. You can assign multiple security groups to an instance. Therefore, an instance can have hundreds of rules that apply.
You're mistaken about how security groups work. When you choose to allow an SG as the source in a rule for another SG, you're saying that any EC2 instance that is a member of that SG is permitted on the port you specify. It is not related to the rules of the source SG.
I understand that you're trying to specify all the addresses that should be allowed for port 22 within a single rule, but unfortunately that's not possible with security groups currently. You need to express each IP address and port as its own rule.
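To make the point of this answer concrete, here is an added example (not code from the question or the answer, and not an AWS library) that models how EC2 evaluates security-group rules: a rule whose source is another SG matches on the peer's membership in that SG, never on the CIDRs inside it. The group names mirror the question; the addresses are constructed from documentation ranges.

```python
from ipaddress import ip_address, ip_network
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

@dataclass
class Rule:
    port: Optional[int]              # TCP port the rule opens; None = all ports
    cidr: Optional[str] = None       # source given as a CIDR block ...
    source_sg: Optional[str] = None  # ... or as another security group

@dataclass
class Peer:
    ip: str
    groups: FrozenSet[str] = frozenset()  # SGs the peer *instance* belongs to

def allowed(rules_by_sg: Dict[str, List[Rule]], instance_sgs: List[str],
            peer: Peer, port: int) -> bool:
    """All rules of all SGs on the instance are unioned; any match permits."""
    for sg in instance_sgs:
        for r in rules_by_sg.get(sg, []):
            if r.port is not None and r.port != port:
                continue
            if r.cidr and ip_address(peer.ip) in ip_network(r.cidr):
                return True
            # An SG source is checked against the peer's membership only; the
            # rules inside that SG (the CIDRs in 'my_ips') are never consulted.
            if r.source_sg and r.source_sg in peer.groups:
                return True
    return False

# Constructed setup mirroring the question (203.0.113.0/24 and 198.51.100.0/24
# are documentation ranges standing in for the home and work addresses).
HOME, WORK = "203.0.113.10", "198.51.100.25"
RULES = {
    "my_ips": [Rule(None, cidr=f"{HOME}/32"), Rule(None, cidr=f"{WORK}/32")],
    "my_sg": [Rule(22, source_sg="my_ips")],                   # the attempt
    "my_sg_fixed": [Rule(22, cidr=f"{HOME}/32"), Rule(22, cidr=f"{WORK}/32")],
}

def evaluate() -> Dict[str, bool]:
    laptop = Peer(HOME)                               # a laptop is in no SG
    member = Peer("10.0.0.5", frozenset({"my_ips"}))  # an instance in my_ips
    return {
        "attempt_home_ssh": allowed(RULES, ["my_sg"], laptop, 22),      # False
        "attempt_member_ssh": allowed(RULES, ["my_sg"], member, 22),    # True
        "fixed_home_ssh": allowed(RULES, ["my_sg_fixed"], laptop, 22),  # True
        "fixed_home_http": allowed(RULES, ["my_sg_fixed"], laptop, 80), # False
    }
```

The 'attempt' results show why the original setup gave "no luck": only an instance that is itself a member of 'my_ips' would get through, while the per-IP, per-port rules in 'my_sg_fixed' are what actually admit the home address.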