1

I put up an ELB in front of my ec2 instances so traffic from coming from internet goes to elb first and then to one of my ec2 instance.Right now instance is also allowing traffic from 0.0.0.0 as it is unnecessary .I want them to be accessible other than ELB . How i can do that??Also is there anything to be taken care of??

4

1 回答 1

3

A security group can allow traffic from a CIDR range of IP addresses, or from another Security Group. Thus, you should configure the following Security Groups:

  • ELB-SG: Allow HTTP/S from 0.0.0.0/0. Associate it with the ELB.
  • App-SG: Allow HTTP from ELB-SG. Associate it with your EC2 instances (or Auto Scaling group Launch Configuration).

The Application Security Group (App-SG) is permitting incoming traffic from the Load Balancer. Or, more specifically, from any resource that is associated with ELB-SG.

于 2018-06-17T23:20:23.410 回答