I can't make two EC2 instances talk to each other

My goal:

I have two EC2 instances: one is an API that is public and the other is a microservice, which only needs to communicate with the API.

What I have tried so far:

I have one security group to which both instances are attached. In this group, I created every possible rule. (I can ping each of them through the private IP, but I can't make a request from my API to my microservice.)

I made a simple diagram showing my goal and my problem

(diagram image not included)

More details:

  • Both instances are running in the same VPC and subnet.
  • Trying telnet or curl, the response is "connection refused".

My inbound rules security group:

(screenshot of inbound rules not included)

My outbound rules security group:

(screenshot of outbound rules not included)



Solution 1:[1]

Security Group rules operate on each resource individually. Putting instances in the 'same' security group does not guarantee that they can communicate with each other.

The correct security setup would be:

  • One Security Group on the 'public' instance (Public-SG) that allows Inbound connections on port 80/443 from the Internet (0.0.0.0/0) and default rules that permit All Outbound traffic.
  • One Security Group on the 'private' microservice instance (Microservice-SG) that allows Inbound connections on port 8086 from Public-SG and default rules that permit All Outbound traffic.

That is, Microservice-SG should specifically reference Public-SG in its Inbound rules.
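The following is an added example, not code from the question or the answer, that models how inbound security-group rules are evaluated so the two setups can be compared side by side: a shared group with no rule admitting the traffic, a shared group that references itself, and the Public-SG / Microservice-SG pair the answer recommends. The rule dictionaries are in the IpPermissions shape that boto3's ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=[...]) accepts; the group IDs and private IP addresses are constructed placeholders, and no AWS call is made.

```python
"""
Model of AWS security-group inbound evaluation (added example, not part of
the original post). Group IDs and IPs below are constructed placeholders.
"""
import ipaddress

PUBLIC_SG = "sg-0public0000000000"        # placeholder id for Public-SG
MICROSERVICE_SG = "sg-0micro00000000000"  # placeholder id for Microservice-SG
SHARED_SG = "sg-0shared0000000000"        # placeholder id for the single shared group
MICROSERVICE_PORT = 8086


def tcp_rule(port, cidrs=(), source_groups=()):
    """One inbound TCP rule in the IpPermissions form boto3 expects."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in cidrs],
        "UserIdGroupPairs": [{"GroupId": g} for g in source_groups],
    }


def recommended_inbound_rules():
    """Inbound rules for the two-group setup described in the answer."""
    return {
        PUBLIC_SG: [
            tcp_rule(80, cidrs=["0.0.0.0/0"]),
            tcp_rule(443, cidrs=["0.0.0.0/0"]),
        ],
        # Microservice-SG admits port 8086 only from members of Public-SG.
        MICROSERVICE_SG: [tcp_rule(MICROSERVICE_PORT, source_groups=[PUBLIC_SG])],
    }


def self_referencing_rules():
    """A single shared group whose rule names the group itself as the source."""
    return {SHARED_SG: [tcp_rule(MICROSERVICE_PORT, source_groups=[SHARED_SG])]}


def inbound_allowed(rules_by_group, dst_groups, src_ip, src_groups, port, protocol="tcp"):
    """
    True if any inbound rule on any of the destination's groups admits the
    packet. Security groups are allow-lists evaluated per destination resource:
    with no matching rule the packet is dropped, regardless of whether the
    sender happens to belong to the same group.
    """
    ip = ipaddress.ip_address(src_ip)
    for group in dst_groups:
        for rule in rules_by_group.get(group, []):
            proto = rule["IpProtocol"]
            if proto not in (protocol, "-1"):          # "-1" means all protocols
                continue
            if proto != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
                continue
            if any(ip in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
                return True
            if any(p["GroupId"] in src_groups for p in rule.get("UserIdGroupPairs", [])):
                return True
    return False


def compare_setups():
    """Evaluate API -> microservice:8086 under the three configurations."""
    api_ip = "10.0.1.10"   # constructed private IP of the API instance
    return {
        # Both instances in one fresh group with no inbound rule: blocked.
        "shared_group_no_rules": inbound_allowed(
            {SHARED_SG: []}, [SHARED_SG], api_ip, [SHARED_SG], MICROSERVICE_PORT),
        # Shared group that references itself as a source: allowed.
        "shared_group_self_reference": inbound_allowed(
            self_referencing_rules(), [SHARED_SG], api_ip, [SHARED_SG], MICROSERVICE_PORT),
        # Answer's layout: Microservice-SG references Public-SG: allowed.
        "two_groups_cross_reference": inbound_allowed(
            recommended_inbound_rules(), [MICROSERVICE_SG], api_ip, [PUBLIC_SG], MICROSERVICE_PORT),
        # The same port from an Internet address with no group: blocked.
        "two_groups_from_internet": inbound_allowed(
            recommended_inbound_rules(), [MICROSERVICE_SG], "203.0.113.5", [], MICROSERVICE_PORT),
    }


if __name__ == "__main__":
    for name, allowed in compare_setups().items():
        print(f"{name}: {'ALLOWED' if allowed else 'blocked'}")
```

The lists returned by recommended_inbound_rules() can be handed to authorize_security_group_ingress one group at a time once real group IDs are substituted. One caveat worth checking before changing any rules: a security group that does not admit the traffic drops the packet, so the client sees a timeout; a "connection refused" reply means the packet reached the host and nothing was listening on that address and port, which points at the service binding (for example listening only on 127.0.0.1) rather than at the group rules.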

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 John Rotenstein