Security – Private communications between AWS EC2 instances

amazon-ec2, networking, security, tcp

I have three EC2 instances with elastic IPs.
Each one contains a server.
Each server needs TCP ports 8181, 2181, 2888 and 3888 to be open on each machine.
Each server should be able to talk to the other servers via these ports.

I created a security group (for example, named sg-4d775c42) where I put the following rules:

Custom TCP Rule | TCP | 8181 | sg-4d775c42
Custom TCP Rule | TCP | 2181 | sg-4d775c42
Custom TCP Rule | TCP | 2888 | sg-4d775c42
Custom TCP Rule | TCP | 3888 | sg-4d775c42

I thought that these rules mean that each machine in the security group sg-4d775c42 can call the ports 8181, 2181, 2888 and 3888 of the other machines in the same group.

But it seems that it's not the case!

If I open the ports to the world, i.e. the following rules:

Custom TCP Rule | TCP | 8181 | 0.0.0.0/0
Custom TCP Rule | TCP | 2181 | 0.0.0.0/0
Custom TCP Rule | TCP | 2888 | 0.0.0.0/0
Custom TCP Rule | TCP | 3888 | 0.0.0.0/0

Of course, my servers can talk to each other.

Moreover, the private communication between these 3 servers is only the first step.
The second step will be to connect this ensemble of 3 servers, via another private network, to another instance.

So my question is the following:

How can I create (or simulate) a private network where my ports are open between my EC2 instances?

Best Answer

I thought that these rules mean that each machine in the security group sg-4d775c42 can call the ports 8181, 2181, 2888 and 3888 of the other machines in the same group.

It does, but only if you use their AWS internal IPs. You can do this with the ec2-xxx-xxx-xxx-xxx.us-region-1.compute.amazonaws.com address each instance gets (which will return an internal IP within the AWS network) or directly via the instance's private IP.

If you go through the public internet by using the elastic IPs of the instances, AWS loses any info it would've had on which security groups they're in and thus only IP-based rules will work.
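To make the distinction in this answer concrete, here is an added example (not from the question, the answer, or AWS) that models how a security-group ingress rule is evaluated: a rule whose source is a group id can only match when the packet arrives over the internal VPC path, while a CIDR-sourced rule matches on either path. The group id sg-4d775c42 and the four ports come from the question; the second group id, the instance names and all IP addresses are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed model of security-group ingress evaluation (example only, not AWS code).
# A rule's source is either a CIDR string or a security-group id. Group-sourced rules
# can only match when the sender's group membership is known, i.e. on the internal
# (private IP) path; traffic arriving over an elastic/public IP is matched against
# CIDR rules only, which is the behaviour the answer above describes.

@dataclass(frozen=True)
class Rule:
    protocol: str
    port: int
    source: str  # "sg-..." or a CIDR such as "0.0.0.0/0"

@dataclass(frozen=True)
class Instance:
    name: str
    groups: frozenset  # security groups the instance belongs to
    private_ip: str
    elastic_ip: str

def ingress_allowed(rules, src, dst_port, via_private, protocol="tcp"):
    """Return True if `src` may reach `dst_port` on an instance carrying `rules`."""
    src_ip = ip_address(src.private_ip if via_private else src.elastic_ip)
    for r in rules:
        if r.protocol != protocol or r.port != dst_port:
            continue
        if r.source.startswith("sg-"):
            # group-sourced rule: only evaluable on the internal path
            if via_private and r.source in src.groups:
                return True
        elif src_ip in ip_network(r.source):
            return True
    return False

PORTS = (8181, 2181, 2888, 3888)
CLUSTER_SG = "sg-4d775c42"          # group id from the question
OTHER_SG = "sg-EXAMPLE-other"       # placeholder group for the "second step" instance
cluster_rules = [Rule("tcp", p, CLUSTER_SG) for p in PORTS]
# second step: also admit the extra instance's group, without opening to 0.0.0.0/0
cluster_rules += [Rule("tcp", p, OTHER_SG) for p in PORTS]

# constructed sample instances (all addresses are made up)
node_a = Instance("node-a", frozenset({CLUSTER_SG}), "10.0.1.10", "203.0.113.10")
node_b = Instance("node-b", frozenset({CLUSTER_SG}), "10.0.1.11", "203.0.113.11")
extra = Instance("extra", frozenset({OTHER_SG}), "10.0.2.5", "203.0.113.50")
stranger = Instance("stranger", frozenset(), "10.0.9.9", "198.51.100.7")

if __name__ == "__main__":
    print(ingress_allowed(cluster_rules, node_a, 2181, via_private=True))   # True
    print(ingress_allowed(cluster_rules, node_a, 2181, via_private=False))  # False
```

Swap the `via_private` flag to see why the elastic-IP path fails against the self-referencing rules while a `0.0.0.0/0` rule would admit anyone.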