Tags: amazon-web-services, aws-security-group, wan

How to share files between 2 instances in different security groups?


I have two instances in two private subnets associated to different security groups. How can I transfer files between them in an "NFS manner"?


Solution

  • I have two instances in two private subnets associated to different security groups.

    In a security group you may specify as a source another security group. You can configure two groups to allow traffic from each other, but that creates a circular reference. It will work, but then it's cumbersome to automate or update the group configuration.

    Better to create another sec-group trusting the traffic from itself (see how the default sg is created) and assign the new sec group to both instances (it is possible to assign multiple sg). Assuming the private subnets are in the same VPC.

    If I want a double-ended file transfer. Can a single instance be both a FTP server and a client? Should I use a bastion host instead as a FTP server between them?

    You can have both instances serving as a client and server at the same time, nothing wrong with that. However - if you want to have a shared, reliable and "NFS-like" transfer, I'd suggest using the AWS EFS (or EFSx if using Windows) which is a managed NFS storage.
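To make the two designs in the answer concrete, here is an added example (not code from the question or the answer) that models security-group rules in the same shape the EC2 `authorize_security_group_ingress` API takes (`IpPermissions` with `UserIdGroupPairs`), evaluates whether one instance may reach another on a port, and flags the cross-referencing pair the answer calls a "circular reference". The group IDs, instance names, and the choice of TCP 2049 (the NFS port, which is also what EFS mount targets use) are constructed for the example; the evaluation is a simplified model of security-group semantics (stateful, allow-only, group-to-group rules only) and not a replacement for checking the real console or VPC Reachability Analyzer.

```python
"""Model two ways of letting instances in different security groups talk:
   (a) two groups that reference each other (circular), and
   (b) one extra shared group that references itself, attached to both.
Rule dictionaries use the IpPermissions layout of the EC2 API so they can be
passed to boto3's authorize_security_group_ingress as-is (not done here)."""
from typing import Dict, List, Set, Tuple

Rules = Dict[str, List[dict]]       # group id -> list of ingress rules
Membership = Dict[str, Set[str]]    # instance name -> set of group ids

NFS_PORT = 2049  # NFS (and EFS mount target) port; constructed choice for this example


def group_rule(source_group_id: str, port: int = NFS_PORT, proto: str = "tcp") -> dict:
    """One ingress rule allowing `port` from members of `source_group_id`."""
    return {
        "IpProtocol": proto,
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": source_group_id}],
    }


def rule_permits(rule: dict, source_groups: Set[str], port: int, proto: str) -> bool:
    """True if this rule admits `proto`/`port` from an instance in any of `source_groups`."""
    if rule["IpProtocol"] not in (proto, "-1"):
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    return any(pair["GroupId"] in source_groups for pair in rule.get("UserIdGroupPairs", []))


def can_reach(rules: Rules, members: Membership, src: str, dst: str,
              port: int = NFS_PORT, proto: str = "tcp") -> bool:
    """Ingress check only: security groups are stateful, so return traffic
    is implied and egress is assumed to be the default allow-all."""
    src_groups = members[src]
    for sg in members[dst]:
        if any(rule_permits(r, src_groups, port, proto) for r in rules.get(sg, [])):
            return True
    return False


def cross_references(rules: Rules) -> Set[Tuple[str, str]]:
    """Pairs of distinct groups that each reference the other (the circular case)."""
    refs = {g: {p["GroupId"] for r in rs for p in r.get("UserIdGroupPairs", [])}
            for g, rs in rules.items()}
    return {tuple(sorted((a, b))) for a in refs for b in refs[a]
            if a != b and a in refs.get(b, set())}


# --- constructed scenario (a): the circular design -------------------------
CIRCULAR_RULES: Rules = {
    "sg-app": [group_rule("sg-db")],   # app group admits db group
    "sg-db": [group_rule("sg-app")],   # db group admits app group
}
CIRCULAR_MEMBERS: Membership = {"app-host": {"sg-app"}, "db-host": {"sg-db"}}

# --- constructed scenario (b): the self-referencing shared group -----------
SHARED_RULES: Rules = {
    "sg-app": [],
    "sg-db": [],
    "sg-nfs-peers": [group_rule("sg-nfs-peers")],  # trusts traffic from itself
}
SHARED_MEMBERS: Membership = {
    "app-host": {"sg-app", "sg-nfs-peers"},
    "db-host": {"sg-db", "sg-nfs-peers"},
    "other-host": {"sg-app"},  # not in the shared group, so no NFS access
}


def summarize(rules: Rules, members: Membership) -> dict:
    """Reachability in both directions plus any circular group references."""
    return {
        "app_to_db": can_reach(rules, members, "app-host", "db-host"),
        "db_to_app": can_reach(rules, members, "db-host", "app-host"),
        "circular": cross_references(rules),
    }


if __name__ == "__main__":
    print("circular design:", summarize(CIRCULAR_RULES, CIRCULAR_MEMBERS))
    print("shared-group design:", summarize(SHARED_RULES, SHARED_MEMBERS))
```

Both designs pass the reachability check, which is the answer's point: the circular one works, but `cross_references` shows the dependency between `sg-app` and `sg-db` that complicates updating or deleting either group, while the shared group adds NFS access only to instances that carry it and can be detached without touching the other groups.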