Issue
I want all members of security group sg-a
to be able to access several ports, e.g. 6443 (kubernetes api server), on all instances in sg-a
: including themselves.
I create a rule in sg-a
that says
- Type: Custom TCP
- Protocol: TCP
- Port Range: 6443
- Source:
sg-a
However, instanceA
cannot access port 6443 on itself.
When I update "Source" to Source: instanceA.public.ip.address
, then instanceA
can access port 6443 on itself.
However, I now have instance specific rules in my security group. If possible, I would like to find a solution where I do not have to add new rules when I add a new instance to my security group
Solution
For the security group to operate as you describe, the instances will need to connect to each other via a Private IP address.
The fact that it works if you allow the Public IP address indicates that the connection is being made by the public IP address.
Answered By - John Rotenstein Answer Checked By - Terry (WPSolving Volunteer)