How to add a beanstalk app to a security group as an inbound rule

Time:03-11

I have two Elastic Beanstalk applications "a" and "b". Anyone should be able to talk to (a) over http, but only (a) should be able to talk to (b). I.e.

internet -> a -> b

Right now, everything works if both apps are fully open to the internet. But as soon as I try to restrict the security group for (b)'s ELB, (a) can't seem to connect anymore.

I.e., if I allow (b)'s load balancer security group to allow http:0.0.0.0/0, everything works. But if I set that same security group to allow only http:[(a)'s security group], (a) can no longer communicate with (b).

Both apps are in the same VPC. What am I missing?

CodePudding user response:

This is because your second environment has an external load balancer. That means the traffic from environment A to environment B will exit the VPC and come back in, at which point the association with environment A's security group is lost.

You need to convert environment B to use an internal load balancer. The Elastic Beanstalk setting for that is:

Namespace: aws:ec2:vpc

Name: ELBScheme

Value: internal
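
The setting from the answer above, written as an `.ebextensions` configuration file for environment (b), together with the inbound rule the question describes. This is an added example, not part of the original answer. The file name, the rule name `AllowHttpFromEnvA` and the security group ID are placeholders, and it assumes (b) runs in a custom VPC, where Elastic Beanstalk creates the `AWSEBLoadBalancerSecurityGroup` resource.

```yaml
# .ebextensions/internal-elb.config  (hypothetical file name, environment b)

option_settings:
  # Give environment (b) an internal load balancer, so requests from (a)
  # stay inside the VPC and arrive from (a)'s private addresses.
  aws:ec2:vpc:
    ELBScheme: internal

Resources:
  # Inbound rule on (b)'s load balancer security group: HTTP only from
  # members of (a)'s security group. A security-group source only matches
  # traffic that stays on private addresses inside the VPC, which is why
  # the rule had no effect while the load balancer was internet-facing.
  AllowHttpFromEnvA:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt": ["AWSEBLoadBalancerSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      # Placeholder: replace with the security group attached to (a)'s instances.
      SourceSecurityGroupId: sg-0123456789abcdef0
```

Security group rules are additive, so an existing `0.0.0.0/0` rule on the load balancer's group still has to be removed for the restriction to hold.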
