aws security groups: allow ec2 instance to access its own ports

10/10/2019

I want all members of security group sg-a to be able to access several ports, e.g. 6443 (kubernetes api server), on all instances in sg-a: including themselves.

I create a rule in sg-a that says:

  • Type: Custom TCP
  • Protocol: TCP
  • Port Range: 6443
  • Source: sg-a

However, instanceA cannot access port 6443 on itself.

When I update "Source" to Source: instanceA.public.ip.address, then instanceA can access port 6443 on itself.

However, I now have instance-specific rules in my security group. If possible, I would like to find a solution where I do not have to add new rules when I add a new instance to my security group.

-- MCI
Tags: amazon-ec2, amazon-web-services, aws-security-group, kubernetes

1 Answer

10/11/2019

For the security group to operate as you describe, the instances will need to connect to each other via a Private IP address.

The fact that it works if you allow the Public IP address indicates that the connection is being made by the public IP address.

-- John Rotenstein
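The behaviour the answer describes, as an added illustration that is not code from the question, the answer or AWS: a small Python model of how an ingress rule whose Source is a security group is matched. The instance names, addresses and the group id `sg-a` are constructed sample data.

```python
# Model of EC2 security-group evaluation for a rule with Source = <security group>.
# Documented behaviour: such a rule matches traffic whose source address is the
# private IP of a network interface that belongs to the referenced group. Traffic
# sent to an instance's public IP is hairpinned through the Internet gateway and
# arrives with the public IP as its source, so a group reference never matches it.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Instance:
    name: str
    private_ip: str
    public_ip: str
    groups: set = field(default_factory=set)


@dataclass
class Rule:
    port: int
    source: str  # a security-group id ("sg-...") or a CIDR block


# Constructed topology: two instances, both members of sg-a, as in the question.
INSTANCES = {
    "instanceA": Instance("instanceA", "10.0.1.10", "203.0.113.10", {"sg-a"}),
    "instanceB": Instance("instanceB", "10.0.1.11", "203.0.113.11", {"sg-a"}),
}

SG_A_RULES = [Rule(6443, "sg-a")]  # the rule from the question


def source_address(inst: Instance, via: str) -> str:
    """Source address a packet from `inst` carries when it reaches the target.
    via="private": routed inside the VPC, source stays the private IP.
    via="public": hairpinned through the IGW, source is NATed to the public IP."""
    return inst.private_ip if via == "private" else inst.public_ip


def rule_matches(rule: Rule, port: int, src_ip: str) -> bool:
    if rule.port != port:
        return False
    if rule.source.startswith("sg-"):
        # Group reference: only private IPs of ENIs in that group match.
        return any(src_ip == i.private_ip and rule.source in i.groups
                   for i in INSTANCES.values())
    return ip_address(src_ip) in ip_network(rule.source)


def ingress_allowed(rules, src: str, port: int, via: str) -> bool:
    """Would the group admit `src` connecting to TCP `port` via the target's
    private or public address?"""
    src_ip = source_address(INSTANCES[src], via)
    return any(rule_matches(r, port, src_ip) for r in rules)
```

Running the model with `via="public"` reproduces the question's symptom (no match) and with `via="private"` the answer's fix; a per-instance `/32` rule for the public IP also matches, which is the instance-specific rule the asker wants to avoid.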
Source: StackOverflow