Open ports between Elastic Beanstalk and one EC2 instance on AWS

amazon ec2, amazon-web-services, elastic-beanstalk

I currently have the following setup:

  • An API (Node.js) running on Elastic Beanstalk, which is currently only running one EC2 instance
  • A MongoDB instance running on a separate EC2 instance

Currently, I have two security groups, one for the DB, let's call it sg-db, and another one generated by Elastic Beanstalk, called awseb-e-wwbtetapaa-stack-AWSEBSecurityGroup-xx.

On sg-db, I have port 27017 open to 0.0.0.0/0. I'm trying to close the port so that only my Elastic Beanstalk application can access it. I've tried opening 27017 for awseb-e-wwbtetapaa-stack-AWSEBSecurityGroup-xx, but it didn't work; I still can't access it.

For testing purposes, I tried connecting to my EC2 instance that runs the API and then tried to open port 22 on my database instance. I tried opening port 22 on awseb-e-wwbtetapaa-stack-AWSEBSecurityGroup-xx and on amazon-elb-sg. Neither worked.

Does anyone have any idea how I could close the MongoDB port? It's a pretty big security flaw right now to have it open to 0.0.0.0/0.

EDIT

I figured out the problem that was occurring. Apparently, you can't use the public IP when specifying the security group of the Elastic Beanstalk application. Using a private IP seems to be working just fine. So now I just need to find a way to set up a "static" private IP or a similar solution.

EDIT 2

Seems like using the Public DNS returns the private IP when using it in the EC2 instance.

Best Answer

I figured out the problem that was occurring. Apparently, you can't use the public IP when specifying the security group of the Elastic Beanstalk application. Using a private IP seems to be working just fine. Seems like using the Public DNS returns the private IP when using it in the EC2 instance. So instead of trying to connect to the Elastic IP, I'm now connecting to the Public DNS, which works just fine.
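
The behaviour described in this answer, as an added example that is not part of the original post: a small offline model of how ingress rules on sg-db are evaluated. Rules that reference a security group match only the private IP addresses of interfaces in that group, so a connection that reaches the database through its public or Elastic IP is seen with a public source address and is dropped. The group ID and all IP addresses below are constructed placeholders; the rule dictionaries use the field names returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

DB_PORT = 27017
EB_SG = "sg-0eb00000000000000"  # constructed placeholder for the Beanstalk group ID

# Constructed ingress rules in the shape of `aws ec2 describe-security-groups` output.
WEAK = [{"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]
HARDENED = [{"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": EB_SG}]}]

# Constructed map: private IP of each interface -> security groups attached to it.
PRIVATE_IP_GROUPS = {"172.31.10.5": {EB_SG}}


def port_matches(rule, port, protocol="tcp"):
    """True if the rule covers this protocol and port ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == protocol and rule["FromPort"] <= port <= rule["ToPort"]


def allows(rules, src_ip, port):
    """Return True if any ingress rule admits a packet arriving from src_ip."""
    src = ipaddress.ip_address(src_ip)
    member_of = PRIVATE_IP_GROUPS.get(src_ip, set())
    for rule in rules:
        if not port_matches(rule, port):
            continue
        # CIDR rules match the source address as the target instance sees it.
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in rule["IpRanges"]):
            return True
        # Group rules match only private IPs of interfaces in the referenced group.
        if any(p["GroupId"] in member_of for p in rule["UserIdGroupPairs"]):
            return True
    return False


def world_open(rules, port):
    """Audit check: return the rules that expose `port` to every IPv4 address."""
    return [r for r in rules if port_matches(r, port)
            and any(x["CidrIp"] == "0.0.0.0/0" for x in r["IpRanges"])]


if __name__ == "__main__":
    print("weak rule, internet host:      ", allows(WEAK, "203.0.113.50", DB_PORT))
    print("hardened, API via private IP:  ", allows(HARDENED, "172.31.10.5", DB_PORT))
    print("hardened, API via public IP:   ", allows(HARDENED, "198.51.100.7", DB_PORT))
    print("world-open rules left on sg-db:", len(world_open(HARDENED, DB_PORT)))
```

Here 198.51.100.7 stands for the API instance's public address, which is the source the database sees when the API connects to the Elastic IP instead of the private IP or the in-VPC resolution of the Public DNS name.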