I have recently added an ALB for 2 instances in EC2.
I want to make the ALB and EC2 instances private, so I added a security group for each service.
What I did is add the IP addresses of the EC2 instances, on HTTPS, to the ALB sg, and vice versa in the EC2 sg.
In Route 53, I made a subdomain to link to the DNS name of the ALB.
I tried to test it first using an sg that is public, and it works fine and I can access the EC2 application. But after I set the sg for both the ALB and EC2 and tested it, I can't access it.
Where did I go wrong?
A security group can allow traffic from a CIDR range of IP addresses, or from another Security Group. Thus, you should configure the following Security Groups:
0.0.0.0/0 (if you want it open to the world). Associate it with the ALB.
The Application Security Group (App-SG) is thus permitting incoming traffic from the Load Balancer. Or, more specifically, from any resource that is associated with ALB-SG.
Route 53 should have a CNAME record pointing your desired domain name to the DNS Name of the Load Balancer.
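The difference between listing IP addresses in a rule and referencing a security group, as a small offline model (an added example, not part of the original question or answer). ALB-SG and App-SG are the names used in the answer; port 443, the sample addresses and the reading of the question's rules as "each group lists the other side's IPs" are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                          # one ingress rule: a port plus one source
    port: int
    cidr: Optional[str] = None       # source given as an IP range
    source_sg: Optional[str] = None  # source given as another security group

@dataclass(frozen=True)
class Endpoint:                      # a network interface: its IP and attached groups
    ip: str
    groups: frozenset = frozenset()

def allowed(rules, src, port):
    """True if any ingress rule admits traffic from src on port."""
    for r in rules:
        if r.port != port:
            continue
        if r.cidr and ipaddress.ip_address(src.ip) in ipaddress.ip_network(r.cidr):
            return True
        if r.source_sg and r.source_sg in src.groups:
            return True
    return False

def reachable(sgs, client, alb, instance, port=443):
    """client -> ALB -> instance; each hop is checked against the destination's groups."""
    hop1 = any(allowed(sgs[g], client, port) for g in alb.groups)
    hop2 = any(allowed(sgs[g], alb, port) for g in instance.groups)
    return hop1 and hop2

# Constructed sample addresses (documentation and private ranges).
CLIENT = Endpoint("203.0.113.10")
ALB = Endpoint("10.0.1.20", frozenset({"ALB-SG"}))
ALB_NEW_NODE = Endpoint("10.0.1.99", frozenset({"ALB-SG"}))  # ALB node IPs can change
INSTANCE = Endpoint("10.0.2.11", frozenset({"App-SG"}))

# Assumed reading of the question: each group lists the other side's IP addresses.
PINNED_IPS = {
    "ALB-SG": [Rule(443, cidr="10.0.2.11/32"), Rule(443, cidr="10.0.2.12/32")],
    "App-SG": [Rule(443, cidr="10.0.1.20/32")],
}
# The answer's layout: world -> ALB-SG, and App-SG admits only members of ALB-SG.
BY_REFERENCE = {
    "ALB-SG": [Rule(443, cidr="0.0.0.0/0")],
    "App-SG": [Rule(443, source_sg="ALB-SG")],
}

if __name__ == "__main__":
    for name, sgs in (("pinned IPs", PINNED_IPS), ("SG reference", BY_REFERENCE)):
        print(name, reachable(sgs, CLIENT, ALB, INSTANCE))
```

In the pinned-IP layout the client never passes the first hop, because its address is not one of the instance addresses listed in ALB-SG. In the by-reference layout the instances stay closed to direct client traffic while accepting it from whatever address the load balancer currently uses.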