I have two instances.
IOne is in us-east-1b and is in security group 'bamboo'.
ITwo is in us-east-1c and is in security group 'ssh from bamboo'.
In 'ssh from bamboo' I allow inbound traffic on port 22 from group 'bamboo'.
This results in IOne getting timeouts when trying to SSH into ITwo.
If I change the security rule to the IP address of IOne instead of the group name, the SSH connection succeeds.
I read that the two machines have to be in the same region (though it doesn't mention zones). Should my above setup work? If not, what would I need to change?
The inbound rule in your security group must allow traffic on all ports. It needs to do this because the destination port number of any inbound return packets is set to a randomly allocated port number.
What is wrong with the third incoming security group rule, which allows all traffic from sg-269afc5e to go to an Ubuntu EC2 instance configured as a web server? All traffic on all ports is being denied into this instance, which overwrites the HTTP rule and makes it redundant.
Maybe this answer is late, but @datasage probably was right. You need to use your private IP and not the public or Elastic IP.
From the AWS EC2 documentation:
Incoming traffic is allowed based on the private IP addresses of the instances that are associated with the source security group (and not the public IP or Elastic IP addresses).
You can't use the public IP, but you can use the public hostname (ec2-IPADDRESS.us-east-1.compute.amazonaws.com) because this will resolve to the internal IP address when called from inside EC2, and will resolve to the external IP from outside Amazon's network.
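The following is an added illustration, not code from the question or the answers above: a small Python model of the behaviour the answer describes (security-group source rules match on the members' private IPs; the public hostname resolves differently inside and outside EC2). Instance names, addresses, the VPC CIDR 10.0.0.0/16 and the group contents are constructed for the example, and the model assumes that a connection sent to an instance's public address is seen by the destination with the sender's public IP rather than its private IP. It reproduces the three situations in the thread: a source-group rule with the destination addressed by private IP (works), by public IP (times out), and a rule keyed on IOne's public address (works).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample topology modelled on the question; all values are made up.
VPC_CIDR = ip_network("10.0.0.0/16")   # assumption: both instances share this VPC
REGION = "us-east-1"


@dataclass
class Instance:
    name: str
    private_ip: str
    public_ip: str
    groups: set


@dataclass
class Rule:
    port: Optional[int]                  # None means all ports
    source_group: Optional[str] = None   # rule keyed on another security group
    source_cidr: Optional[str] = None    # rule keyed on an address range


INSTANCES = {
    "IOne": Instance("IOne", "10.0.1.10", "203.0.113.10", {"bamboo"}),
    "ITwo": Instance("ITwo", "10.0.2.20", "203.0.113.20", {"ssh from bamboo"}),
}

# Inbound rules per group, as set up in the question.
INBOUND = {
    "bamboo": [],
    "ssh from bamboo": [Rule(port=22, source_group="bamboo")],
}


def public_hostname(inst):
    """Public DNS name in the form the answer mentions (dots in the IP become dashes)."""
    return f"ec2-{inst.public_ip.replace('.', '-')}.{REGION}.compute.amazonaws.com"


def resolve(hostname, inside_ec2):
    """Public hostname -> private IP from inside EC2, public IP from outside (per the answer)."""
    for inst in INSTANCES.values():
        if hostname == public_hostname(inst):
            return inst.private_ip if inside_ec2 else inst.public_ip
    raise KeyError(f"unknown hostname {hostname}")


def observed_source(src, dst_addr):
    """Assumption of this model: traffic to an address inside the VPC keeps the
    sender's private IP; traffic to a public address goes out via the Internet
    gateway and arrives carrying the sender's public IP."""
    if ip_address(dst_addr) in VPC_CIDR:
        return src.private_ip
    return src.public_ip


def rule_matches(rule, observed_src, port):
    if rule.port is not None and rule.port != port:
        return False
    if rule.source_cidr is not None:
        return ip_address(observed_src) in ip_network(rule.source_cidr)
    if rule.source_group is not None:
        # Source-group rules match on the PRIVATE IPs of that group's members,
        # never on their public or Elastic IPs (the AWS documentation quoted above).
        members = [i for i in INSTANCES.values() if rule.source_group in i.groups]
        return any(observed_src == m.private_ip for m in members)
    return False


def ssh_allowed(src_name, dst_name, dst_addr, rules=None):
    """True if the destination's groups admit an SSH connection from src sent to dst_addr."""
    rules = INBOUND if rules is None else rules
    src, dst = INSTANCES[src_name], INSTANCES[dst_name]
    observed = observed_source(src, dst_addr)
    return any(rule_matches(r, observed, 22) for g in dst.groups for r in rules.get(g, []))


if __name__ == "__main__":
    two = INSTANCES["ITwo"]
    print("private IP :", ssh_allowed("IOne", "ITwo", two.private_ip))
    print("public IP  :", ssh_allowed("IOne", "ITwo", two.public_ip))
    print("hostname   :", ssh_allowed("IOne", "ITwo", resolve(public_hostname(two), inside_ec2=True)))
```

The second case is the timeout from the question: the connection reaches ITwo with IOne's public address, which no member of 'bamboo' has as its private IP, so the group rule does not match. Swapping the rule for a CIDR containing IOne's public address (what the asker did) or addressing ITwo by private IP or public hostname from inside EC2 makes the rule match.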