4

I have some services - mysql, some HTTP services - which I would like to have open for Heroku exclusively. I can define IP address / IP mask (I am not sure what it is in EC2 security groups). Which IP or mask fits only Heroku? I guess Heroku has more IPs it can possibly access my EC2 instance from.

How can I allow access to some EC2 ports only for Heroku?

fifigyuri

2 Answers

3

As described in Heroku's devcenter, to open your EC2 server to Heroku you can use the command:

$ ec2-authorize YOURGROUP -P tcp -p 3306 -u 098166147350 -o default

This will create a rule in the security group YOURGROUP from Heroku that will allow Heroku to connect to your server through TCP port 3306.

When connecting from the Heroku App to the EC2 server, instead of using the elastic IP, you should use the full public DNS record: ec2-x-x-x-x.compute-1.amazonaws.com.

Sources:

https://devcenter.heroku.com/articles/external-services

https://forums.aws.amazon.com/message.jspa?messageID=209565

HopelessN00b
  • Related answer: http://stackoverflow.com/a/8638281/556413 – glarrain Oct 22 '13 at 14:47
  • 2
    Just wanted to add that Heroku no longer recommends using the account ID and security group name as a mechanism for granting access. See this changelog item for details: https://devcenter.heroku.com/changelog-items/353 – friism Oct 24 '13 at 19:47
1

I've asked the same question to Heroku support. They said to use the same configuration used for Amazon RDS.

https://devcenter.heroku.com/articles/amazon_rds

Michel
    This answer doesn't seem quite relevant to me. The OP asks what block of IP addresses Heroku uses such that he can filter incoming connections to a variety of his own services. – ybakos Jan 04 '12 at 17:44