
My current structure

  • 1 instance in a VPC set up with an Auto Scaling Group.
  • 1 instance in the same VPC with an HAProxy load balancer routing MySQL traffic to RDS instances (in the same VPC)

I have tested and have confirmed that the load balancer is connecting to the RDS instances and all is good there.

My issue is I can't connect to the load balancer instance using mysql from any other instance in AWS without specifically adding the IP of the source instance to the load balancer's Security Group.

I don't want to use the IP address, since the instance is configured to auto scale, which will spawn more instances. I thought that by assigning sg-{security-group-id} as the IP address in the rules it would allow all instances assigned to that security group.

Visual setup of Security Groups

  • VPC instance with auto scale configured with security group id sg-scaled
  • LB instance configured with security group id sg-lb

sg-scaled

---------------------------------
| HTTP  | TCP | 80  | 0.0.0.0/0 |
| HTTPS | TCP | 443 | 0.0.0.0/0 |
---------------------------------

sg-lb

----------------------------------
| HTTP  | TCP | 80   | my_ip/32  | (stats)
| MYSQL | TCP | 3306 | sg-scaled | <-- *this
----------------------------------

*this: Shouldn't that line translate to "All instances assigned to security group id sg-scaled"?

1 Answer


Wow. OK. I figured out what the problem was. I had my application trying to connect via a subdomain which I had routed to a public elastic IP. That seems to have been the culprit.

For you to utilize a security group as an allowed incoming connection you have to use the private IP address of an elastic IP (if that's what you decide to use).
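The behaviour the answer describes can be checked with a small model of how a security-group ingress rule is evaluated. This is an added example, not code from the question, the answer or AWS: a rule whose source is a security group is matched by looking up which groups the source's ENI belongs to, so it only matches traffic that arrives from a private IP inside the VPC. A connection routed through a public Elastic IP arrives with a public source address that owns no ENI, and the group-sourced rule never matches it, which is exactly the failure seen above. Every instance ID, address and group name here is constructed for the demonstration.

```python
"""Toy evaluator for EC2 security-group ingress rules (added example).

Models the behaviour the answer describes: a rule whose source is a
security group matches only traffic arriving from the private IP of an
elastic network interface (ENI) that carries that group. A connection
routed via a public Elastic IP arrives with a public source address that
belongs to no ENI, so a group-sourced rule never matches it.
All IDs, addresses and names are constructed.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class IngressRule:
    proto: str
    port: int
    source: str  # either a CIDR ("203.0.113.7/32") or a group id ("sg-...")


@dataclass
class Eni:
    instance_id: str
    private_ip: str
    security_groups: set


@dataclass
class Vpc:
    enis: list = field(default_factory=list)

    def groups_for_private_ip(self, ip):
        """Groups attached to the ENI that owns this private IP, if any."""
        for eni in self.enis:
            if eni.private_ip == ip:
                return eni.security_groups
        return set()  # public / EIP / foreign address: no ENI, so no groups


def rule_matches(rule, vpc, proto, port, src_ip):
    if rule.proto != proto or rule.port != port:
        return False
    if rule.source.startswith("sg-"):
        # Group reference: membership is resolved from the source ENI,
        # never from the IP address itself.
        return rule.source in vpc.groups_for_private_ip(src_ip)
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source, strict=False)


def ingress_allowed(rules, vpc, proto, port, src_ip):
    return any(rule_matches(r, vpc, proto, port, src_ip) for r in rules)


# Constructed fixture mirroring the question's layout.
VPC = Vpc(enis=[
    Eni("i-scaled-1", "10.0.1.10", {"sg-scaled"}),
    Eni("i-scaled-2", "10.0.1.11", {"sg-scaled"}),
    Eni("i-lb", "10.0.2.5", {"sg-lb"}),
])
SG_LB_RULES = [
    IngressRule("tcp", 80, "203.0.113.7/32"),   # stats page, stands in for my_ip/32
    IngressRule("tcp", 3306, "sg-scaled"),     # MySQL from the auto-scaled group
]
# Public address a scaled instance is seen from when it reaches the LB via its public EIP
SCALED_PUBLIC_IP = "198.51.100.20"


def demo():
    vpc = Vpc(enis=list(VPC.enis))  # work on a copy so repeated calls stay identical
    results = {
        "mysql_from_scaled_private_ip": ingress_allowed(SG_LB_RULES, vpc, "tcp", 3306, "10.0.1.10"),
        "mysql_via_public_path": ingress_allowed(SG_LB_RULES, vpc, "tcp", 3306, SCALED_PUBLIC_IP),
        "mysql_from_lb_itself": ingress_allowed(SG_LB_RULES, vpc, "tcp", 3306, "10.0.2.5"),
        "stats_from_my_ip": ingress_allowed(SG_LB_RULES, vpc, "tcp", 80, "203.0.113.7"),
        "stats_from_scaled": ingress_allowed(SG_LB_RULES, vpc, "tcp", 80, "10.0.1.10"),
    }
    # Auto Scaling launches a new instance: it joins sg-scaled and is
    # allowed in with no rule change, which is the point of group-sourced rules.
    vpc.enis.append(Eni("i-scaled-3", "10.0.1.12", {"sg-scaled"}))
    results["mysql_from_new_scaled_instance"] = ingress_allowed(
        SG_LB_RULES, vpc, "tcp", 3306, "10.0.1.12")
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:32} {'ALLOW' if allowed else 'DENY'}")
```

The two MySQL cases side by side show the fix: the same scaled instance is allowed when it connects to the load balancer's private address and denied when it goes through the public Elastic IP, and a freshly launched instance is allowed as soon as it carries sg-scaled, so the rule never needs a per-instance IP.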