Tags: amazon-web-services, amazon-ec2, elastic-load-balancer

How to make security groups between load balancer and ec2


I have recently added an ALB for 2 instances in EC2.

I want to make the ALB and EC2 instances private, so I added a security group for each service.

What I did is that I added the IP addresses of the EC2 instances to the HTTPS rule in the ALB sg, and vice versa in the EC2 sg.

In Route 53, I made a subdomain linked to the DNS name of the ALB.

I tried to test it first using an sg that is public, and it works fine and I can access the EC2 application. But after I set the sg for both the ALB and EC2 and tested it, it can't be accessed.

Where did I go wrong?


Solution

  • A security group can allow traffic from a CIDR range of IP addresses, or from another Security Group. Thus, you should configure the following Security Groups:

    The Application Security Group (App-SG) is thus permitting incoming traffic from the Load Balancer. Or, more specifically, from any resource that is associated with ALB-SG.

    Route 53 should have a CNAME record pointing your desired domain name to the DNS Name of the Load Balancer.
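To make the difference between the two approaches concrete, here is an added example (not part of the original answer or of any AWS SDK) that models security group inbound evaluation with the two source types the answer mentions: a CIDR range and a reference to another security group. It traces a request across both hops, client to ALB listener and ALB node to target, and compares a setup pinned to IP addresses, which is an assumption about how the asker's groups looked, with the ALB-SG / App-SG layout the answer recommends. The group names, the IP addresses, the listener port (443) and the target port (80) are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    """One inbound security-group rule: a port plus exactly one source type."""
    port: int
    cidr: Optional[str] = None        # source given as a CIDR range, e.g. "0.0.0.0/0"
    source_sg: Optional[str] = None   # source given as another security group's name/id


@dataclass
class SecurityGroup:
    name: str
    inbound: List[Rule] = field(default_factory=list)


def allows(sg: SecurityGroup, port: int, src_ip: Optional[str] = None,
           src_sgs: Sequence[str] = ()) -> bool:
    """True if any inbound rule admits traffic on `port` from this source.

    A CIDR rule matches on the packet's source address; a security-group
    reference matches on the groups attached to the sending resource,
    regardless of what address that resource currently uses.
    """
    for rule in sg.inbound:
        if rule.port != port:
            continue
        if rule.cidr and src_ip and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr):
            return True
        if rule.source_sg and rule.source_sg in src_sgs:
            return True
    return False


def trace_request(client_ip: str, alb_sg: SecurityGroup, alb_node_ip: str,
                  app_sg: SecurityGroup, listener_port: int = 443,
                  target_port: int = 80) -> str:
    """Walk the two hops a request takes and report where (if anywhere) it is dropped."""
    # Hop 1: the client reaches the load balancer's listener.
    if not allows(alb_sg, listener_port, src_ip=client_ip):
        return "blocked at ALB: client not allowed by " + alb_sg.name
    # Hop 2: an ALB node (a member of alb_sg) forwards to the instance.
    if not allows(app_sg, target_port, src_ip=alb_node_ip, src_sgs=(alb_sg.name,)):
        return "blocked at instance: ALB not allowed by " + app_sg.name
    return "ok"


def ip_pinned_setup() -> Tuple[SecurityGroup, SecurityGroup]:
    """Assumed reconstruction of the asker's groups: each side lists the other's IPs."""
    alb_sg = SecurityGroup("ALB-SG", [
        Rule(443, cidr="10.0.1.10/32"),   # constructed instance addresses
        Rule(443, cidr="10.0.1.11/32"),
    ])
    app_sg = SecurityGroup("App-SG", [
        Rule(80, cidr="10.0.0.50/32"),    # the ALB node address seen at the time
    ])
    return alb_sg, app_sg


def recommended_setup() -> Tuple[SecurityGroup, SecurityGroup]:
    """The answer's layout: ALB-SG admits clients, App-SG admits anything in ALB-SG."""
    alb_sg = SecurityGroup("ALB-SG", [Rule(443, cidr="0.0.0.0/0")])
    app_sg = SecurityGroup("App-SG", [Rule(80, source_sg="ALB-SG")])
    return alb_sg, app_sg


if __name__ == "__main__":
    client = "203.0.113.5"   # constructed external client address
    for label, (alb_sg, app_sg) in (("ip-pinned", ip_pinned_setup()),
                                    ("recommended", recommended_setup())):
        # Same request, evaluated once with the original ALB node address and
        # once after the load balancer has moved to a different node address.
        for node_ip in ("10.0.0.50", "10.0.0.51"):
            print(f"{label:12} node={node_ip}: {trace_request(client, alb_sg, node_ip, app_sg)}")
```

The pinned layout fails at the first hop because the ALB group only names the instances, so no client can reach the listener; and even with that fixed, its instance rule stops matching as soon as the load balancer's node address changes, which is why referencing ALB-SG rather than an address is the durable choice.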