I have two EC2 instances, both in the same public subnet and both in the same availability zone.
I want one of the instances to be able to access the other via SSH.
Here are the security groups I have configured so far:
Instance #1: Web Server
- inbound and outbound port 80 0.0.0.0/0
- inbound and outbound port 443 0.0.0.0/0
- inbound and outbound port 22 allow_internal_ssh (self)

Instance #2: SSH Only
- inbound and outbound port 22 0.0.0.0/0 # soon to be my home IP
- inbound and outbound port 22 allow_internal_ssh (self)
I want #1 to only be accessible by SSH from #2.
I thought I could do that by assigning the same security group (allow_internal_ssh) to both; however, it's not working!
With the setup described above, I cannot connect to #2.
If I give both instances the allow_ssh security group, I can access the SSH server (#2) and then from there log in to the web server (#1).
Any advice on debugging this or help to setup SSH access from the same security group would be very much appreciated!
It sounds like your requirements are:
Instance #1 (Web Server):
Instance #2:
To accomplish this, you would need two security groups -- one associated with each instance.
You should create a security group for Instance #1:
- 0.0.0.0/0
- 0.0.0.0/0
You should create a security group for Instance #2:
The magic is that one security group (#1) can refer to another security group (#2). In the above configuration, any instance associated with security group #2 would be allowed to access any instance associated with security group #1 on port 22. (Of course, standard login and keypairs would still be required.)
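An added example, not part of the question or the answer above: the two-group layout expressed in Terraform, with the web server's port 22 rule sourced from the other security group rather than from a CIDR. The VPC ID and the home IP CIDR are assumed to be supplied as variables (placeholders here).

```hcl
# Added example (not from the question or answer). Assumed inputs:
variable "vpc_id" { type = string }  # placeholder, e.g. "vpc-0123456789abcdef0"
variable "home_ip" { type = string } # placeholder CIDR, e.g. "203.0.113.10/32"

# Security group #2: the SSH-only instance, reachable on 22 from home only
resource "aws_security_group" "ssh_host" {
  name   = "ssh-host"
  vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "ssh_from_home" {
  type              = "ingress"
  security_group_id = aws_security_group.ssh_host.id
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = [var.home_ip]
}

# Security group #1: the web server, 80/443 from anywhere, 22 only from SG #2
resource "aws_security_group" "web" {
  name   = "web-server"
  vpc_id = var.vpc_id
}

resource "aws_security_group_rule" "web_public" {
  for_each          = toset(["80", "443"])
  type              = "ingress"
  security_group_id = aws_security_group.web.id
  protocol          = "tcp"
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  cidr_blocks       = ["0.0.0.0/0"]
}

# The key rule: source is a security group, not a CIDR. Any instance that
# carries aws_security_group.ssh_host may reach port 22 on the web server.
resource "aws_security_group_rule" "web_ssh_from_ssh_host" {
  type                     = "ingress"
  security_group_id        = aws_security_group.web.id
  protocol                 = "tcp"
  from_port                = 22
  to_port                  = 22
  source_security_group_id = aws_security_group.ssh_host.id
}

# Security groups are stateful, so replies to inbound SSH/HTTP need no egress
# rules; this egress rule only lets the instances initiate outbound traffic.
resource "aws_security_group_rule" "egress_all" {
  for_each          = { web = aws_security_group.web.id, ssh = aws_security_group.ssh_host.id }
  type              = "egress"
  security_group_id = each.value
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}
```

Attach only `web` to Instance #1 and only `ssh_host` to Instance #2; an instance that carries both groups would satisfy the source-group check against itself, which is the opposite of the intended restriction.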