When should I whitelist a Security group?

Time:01-10

I have a Security-group Apple which is attached to my application EKS worker nodes i.e. EC2 instances. I have another Security-group Mango which is attached to the database EC2 instance, also EKS cluster.

When I whitelist Apple Security-group in Mango, the applications in my EKS cannot access the db.

But when I explicitly whitelist the IPs of the worker nodes i.e. the EC2 instances, the applications can access the database.

Why does this work? Shouldn't whitelisting the attached Security-group solve my use case? Please help.

CodePudding user response:

When the rules of a Security Group refer to another Security Group, traffic will be permitted but only for the private IP address of instances.

If you are referring to the public IP address of the EC2 instance with the database, then the traffic goes out of the Internet Gateway and back 'into' the VPC. The source identity is therefore lost and the Security Group will not permit the inbound traffic.

You should communicate within the VPC by using private IP addresses.
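The following is an added example, not part of the question or the answer above, and not AWS's own evaluation code. It models the behaviour the answer describes: a rule in the database group ("Mango") that references the worker-node group ("Apple") only matches while the traffic stays inside the VPC, because a hairpin through the Internet Gateway arrives without the source group identity and with the node's public IP as source. The security-group ids, VPC range and IP addresses are constructed placeholders; the rule dictionaries follow the shape boto3's `authorize_security_group_ingress` accepts, but nothing here calls AWS.

```python
import ipaddress
from typing import Any, Dict, List

# Hypothetical identifiers, constructed for this example (not from the question).
APP_SG = "sg-0aaaaaaaaaaaaaaaa"   # "Apple": attached to the EKS worker nodes
DB_SG = "sg-0bbbbbbbbbbbbbbbb"    # "Mango": attached to the database instance
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # constructed VPC range
DB_PORT = 5432

# Constructed addresses: private ones inside VPC_CIDR, public ones from the
# RFC 5737 documentation ranges.
NODE_PRIVATE_IP = "10.0.1.10"
NODE_PUBLIC_IP = "203.0.113.10"
DB_PRIVATE_IP = "10.0.2.20"
DB_PUBLIC_IP = "198.51.100.20"


def sg_reference_rule(port: int, source_sg: str) -> Dict[str, Any]:
    """Ingress rule that allows a port from members of another security group."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": source_sg}]}


def cidr_rule(port: int, cidr: str) -> Dict[str, Any]:
    """Ingress rule that allows a port from an explicit address range."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


def effective_source(flow: Dict[str, Any], vpc_cidr=VPC_CIDR) -> Dict[str, Any]:
    """What the destination's security group actually sees for one connection.

    Inside the VPC (destination is a private address) the packet keeps the
    sender's group membership and private IP. Sent to the destination's public
    address, it leaves through the Internet Gateway and comes back with the
    sender's public IP and no group identity.
    """
    dest = ipaddress.ip_address(flow["dest_ip"])
    if dest in vpc_cidr:
        return {"sgs": set(flow["source_sgs"]),
                "ip": ipaddress.ip_address(flow["source_private_ip"])}
    return {"sgs": set(),
            "ip": ipaddress.ip_address(flow["source_public_ip"])}


def evaluate_ingress(rules: List[Dict[str, Any]], flow: Dict[str, Any],
                     vpc_cidr=VPC_CIDR) -> bool:
    """Security groups are allow-lists: permit if any rule matches the flow."""
    src = effective_source(flow, vpc_cidr)
    for rule in rules:
        if rule["IpProtocol"] not in ("tcp", "-1"):
            continue
        lo = rule.get("FromPort", 0)
        hi = rule.get("ToPort", 65535)
        if not lo <= flow["port"] <= hi:
            continue
        # Group-referenced rule: needs the source group identity to survive.
        if any(p["GroupId"] in src["sgs"] for p in rule.get("UserIdGroupPairs", [])):
            return True
        # CIDR rule: matches on whatever source address arrives.
        if any(src["ip"] in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", [])):
            return True
    return False


def node_to_db_flow(dest_ip: str) -> Dict[str, Any]:
    """A connection from an Apple node to the database on DB_PORT."""
    return {"dest_ip": dest_ip, "port": DB_PORT, "source_sgs": [APP_SG],
            "source_private_ip": NODE_PRIVATE_IP,
            "source_public_ip": NODE_PUBLIC_IP}


# Scenario 1: Mango references Apple, app uses the DB's private address -> allowed.
# Scenario 2: same rule, app uses the DB's public address -> denied (the symptom).
# Scenario 3: explicit node public IP whitelisted -> allowed even via the public
#             address, which is why the IP whitelist appeared to "fix" it.
mango_by_reference = [sg_reference_rule(DB_PORT, APP_SG)]
mango_by_node_ip = [cidr_rule(DB_PORT, NODE_PUBLIC_IP + "/32")]

if __name__ == "__main__":
    print("reference rule, private target:",
          evaluate_ingress(mango_by_reference, node_to_db_flow(DB_PRIVATE_IP)))
    print("reference rule, public target: ",
          evaluate_ingress(mango_by_reference, node_to_db_flow(DB_PUBLIC_IP)))
    print("node IP rule, public target:   ",
          evaluate_ingress(mango_by_node_ip, node_to_db_flow(DB_PUBLIC_IP)))
```

The practical check this models: from inside a pod, resolve the database hostname and confirm the address falls inside the VPC range. If it resolves to a public address, point the application at the instance's private address (or a private DNS name) and keep the group reference; widening the database group to the nodes' public IPs trades a stable identity for addresses that change whenever nodes are replaced.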
