How to allow connection between ec2 instances in different regions

Tags: amazon-ec2, amazon-web-services, security-groups

I have 10 instances with a security group in Oregon and another 10 in Virginia.
How do I add or edit security group rules to allow traffic between them?

Best Answer

If your EC2 instances in both regions are located in public subnets with public IP addresses, then you can add each server's IP address to your security groups. There is a limit of 50 inbound or outbound rules per security group, so you won't be able to open more than 4 or 5 ports per IP address per security group. This can be raised to 100 rules by contacting AWS support but the number of security groups per network interface drops to 2.

Security Groups Limits

If your EC2 instances are located in private subnets or without public IP addresses, then you will need to set up VPC networking. The link that @Tim provided is a good start. Double check first that your VPCs do not have overlapping address space (CIDRs). If the CIDR blocks overlap, you will have to fix that first by creating a new VPC in one of the regions that uses a different CIDR block and move the EC2 instances into the new VPC (by creating AMIs and then relaunching the instances).

Multiple Region Multi-VPC Connectivity

I use Openswan to connect two VPCs in different regions together. Here is a good article on medium.com that shows how to set everything up. Pretty simple if you understand VPNs.

AWS Region to Region VPC Connectivity with OpenSwan and VPC VPN
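The two checks the answer above calls for, as an added example (not the answerer's code): plan one /32 inbound rule per peer instance and port, verify the plan fits the per-security-group rule limit before touching AWS, and test the two VPC CIDR blocks for overlap. The peer addresses and CIDRs below are constructed sample values; the rule dicts use the `IpPermissions` shape that boto3's `authorize_security_group_ingress` accepts, but nothing here calls AWS.

```python
import ipaddress
from itertools import combinations

# Default per-security-group rule limit quoted in the answer; 100 once raised by AWS support.
SG_RULE_LIMIT = 50


def plan_sg_rules(peer_ips, ports, protocol="tcp", rule_limit=SG_RULE_LIMIT):
    """Build one inbound rule per (peer /32, port) pair.

    Returns (rules, fits) where `fits` is False if the plan would exceed the
    security group's rule limit, so the caller can stop before calling
    authorize_security_group_ingress with a batch that will be rejected.
    """
    rules = []
    for ip in peer_ips:
        host = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        for port in ports:
            rules.append({
                "IpProtocol": protocol,
                "FromPort": port,
                "ToPort": port,
                "IpRanges": [{"CidrIp": f"{host}/32",
                              "Description": "cross-region peer (constructed)"}],
            })
    return rules, len(rules) <= rule_limit


def max_ports_per_peer(n_peers, rule_limit=SG_RULE_LIMIT):
    """How many ports can be opened per peer address without exceeding the limit."""
    return rule_limit // n_peers


def overlapping_vpcs(vpc_cidrs):
    """Return (name_a, name_b) pairs whose CIDR blocks overlap; empty means peering/VPN is viable."""
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in vpc_cidrs.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    # Constructed sample: 10 Virginia instances (TEST-NET-3 addresses) reaching an Oregon group.
    virginia_peers = [f"203.0.113.{i}" for i in range(1, 11)]
    rules, fits = plan_sg_rules(virginia_peers, [22, 443, 5432])
    print(f"{len(rules)} rules, fits default limit: {fits}")
    print("max ports per peer:", max_ports_per_peer(len(virginia_peers)))
    print("overlaps:", overlapping_vpcs({"oregon": "10.0.0.0/16", "virginia": "10.0.128.0/17"}))
```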
