Using custom rules in amazon security groups issues

0

1

So my question is pretty straight forward:

I have two ec2-classic instances, say A(with security group sg-A) and B(with security group sg-B)

The rules in sg-A are:

Type | Protocol | Port Range | Source
RDP  | TCP      | 3389       | 0.0.0.0/0

The rules in sg-B are:

Type    | Protocol  | Port Range | Source
All TCP | TCP       | 0 - 65535  | sg-A
All UDP | UDP       | 0 - 65535  | sg-A
All ICMP| All       | N/A        | sg-A
RDP     | TCP       | 3389       | 0.0.0.0/0

With these rules, I do not even get a ping reply from A to B.

But when I change the All ICMP rule in sg-B from sg-A to 0.0.0.0/0, I receive a reply.

Can you tell me what is wrong when it is sg-A?


Edit:

B hosts a webserver and A wants to access the same. I found that I have to change All TCP in sg-B from sg-A to 0.0.0.0/0 (or direct IP of A) to make the webserver accessible.

I can't find anything logically incorrect; is it possible that Amazon is malfunctioning?

Akshay Patil

Posted 2014-04-17T03:28:37.063

Reputation: 51

Are the machines in the same AWS region and on the same AWS account? – Michael - sqlbot – 2014-04-17T12:09:06.477

yes they are in the same region and account – Akshay Patil – 2014-04-17T15:17:25.790

Answers

-1

Has it been resolved?

If you SSH onto A and ping B's private IP, it should work well. But not for the public IP.

Refer to: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#vpc-security-groups

Incoming traffic is allowed based on the private IP addresses of the instances that are associated with the source security group (and not the public IP or Elastic IP addresses).

Daming

Posted 2014-04-17T03:28:37.063

Reputation: 1
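The behaviour the answer quotes (a security-group source matches the members' private addresses, not their public or Elastic IPs) is what makes the question's sg-B rules behave as observed. The following is an added example, written for this page and not code from the question, the answer or AWS, that models a security group as an allow-list and evaluates the asker's exact rule table for traffic from A to B. The instance addresses are hypothetical, and the NAT behaviour (traffic sent to a public address arrives from the sender's public IP) is a simplifying assumption used to reproduce the symptom, not a statement of EC2 internals.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Rule:
    """One inbound security-group rule (the columns of the question's tables)."""
    protocol: str               # "tcp", "udp" or "icmp"
    port_from: Optional[int]    # None for ICMP, which has no port range
    port_to: Optional[int]
    source: str                 # a CIDR such as "0.0.0.0/0" or a group id such as "sg-A"


@dataclass(frozen=True)
class Instance:
    name: str
    private_ip: str
    public_ip: str
    groups: FrozenSet[str]


# Constructed sample topology; these addresses are assumptions, not from the question.
A = Instance("A", "10.0.0.10", "203.0.113.10", frozenset({"sg-A"}))
B = Instance("B", "10.0.0.20", "203.0.113.20", frozenset({"sg-B"}))

# sg-B exactly as the question lists it.
SG_B_ORIGINAL: List[Rule] = [
    Rule("tcp", 0, 65535, "sg-A"),
    Rule("udp", 0, 65535, "sg-A"),
    Rule("icmp", None, None, "sg-A"),
    Rule("tcp", 3389, 3389, "0.0.0.0/0"),
]

# The workaround the asker found: ICMP and all TCP opened to every address.
SG_B_WORLD_OPEN: List[Rule] = [
    Rule("tcp", 0, 65535, "0.0.0.0/0"),
    Rule("udp", 0, 65535, "sg-A"),
    Rule("icmp", None, None, "0.0.0.0/0"),
    Rule("tcp", 3389, 3389, "0.0.0.0/0"),
]


def build_membership(instances: List[Instance]) -> Dict[str, Set[str]]:
    """Map each group id to the private IPs of its member instances.

    This encodes the documented behaviour quoted in the answer: a rule whose
    source is a security group is matched against the members' private
    addresses, never their public or Elastic IPs.
    """
    members: Dict[str, Set[str]] = {}
    for inst in instances:
        for sg in inst.groups:
            members.setdefault(sg, set()).add(inst.private_ip)
    return members


MEMBERSHIP = build_membership([A, B])


def rule_matches(rule: Rule, protocol: str, port: Optional[int], src_ip: str) -> bool:
    if rule.protocol != protocol:
        return False
    if rule.protocol != "icmp":
        if port is None or not (rule.port_from <= port <= rule.port_to):
            return False
    if rule.source.startswith("sg-"):
        # Group-referenced source: only member private addresses can match.
        return src_ip in MEMBERSHIP.get(rule.source, set())
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def inbound_allowed(rules: List[Rule], protocol: str, port: Optional[int], src_ip: str) -> bool:
    """Security groups are allow-lists: any single matching rule permits the packet."""
    return any(rule_matches(r, protocol, port, src_ip) for r in rules)


def source_ip_seen_by_b(via: str) -> str:
    """Assumption for this model: A reaching B's public address is NATed and
    arrives from A's public IP; A reaching B's private address arrives from
    A's private IP."""
    return A.private_ip if via == "private" else A.public_ip


def ping_allowed(rules_b: List[Rule], via: str) -> bool:
    return inbound_allowed(rules_b, "icmp", None, source_ip_seen_by_b(via))


def http_allowed(rules_b: List[Rule], via: str) -> bool:
    return inbound_allowed(rules_b, "tcp", 80, source_ip_seen_by_b(via))


if __name__ == "__main__":
    for via in ("private", "public"):
        print(f"A -> B via {via} IP, original sg-B: "
              f"ping={ping_allowed(SG_B_ORIGINAL, via)} http={http_allowed(SG_B_ORIGINAL, via)}")
    print(f"A -> B via public IP, world-open sg-B: ping={ping_allowed(SG_B_WORLD_OPEN, 'public')}")
```

Running it reproduces the symptom: with the original sg-B, ping and HTTP from A succeed only when B is addressed by its private IP, and the 0.0.0.0/0 workaround makes the public path work by admitting every source on the internet, not just A. The less exposed fix is the one the answer gives: keep the sg-A source rules and have A address B by its private IP (or private DNS name), which keeps the webserver reachable from A alone.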