Otdfbt

How do scammers retract money, while you can’t?

Won the lottery - how do I keep the money?

I believe this to be a fraud - hired, then asked to cash check and send cash as Bitcoin

Make solar eclipses exceedingly rare, but still have new moons

Written every which way

Is micro rebar a better way to reinforce concrete than rebar?

Why did we only see the N-1 starfighters in one film?

Skipping indices in a product

Why do professional authors make "consistency" mistakes? And how to avoid them?

Received an invoice from my ex-employer billing me for training; how to handle?

"and that skill is always a class skill for you" - does "always" have any meaning in Pathfinder?

Why do remote companies require working in the US?

How to count occurrences of text in a file?

What exact does MIB represent in SNMP? How is it different from OID?

How do we know the LHC results are robust?

How fast would a person need to move to trick the eye?

What can we do to stop prior company from asking us questions?

Giving the same color to different shapefiles in QGIS

What is the result of assigning to std::vector<T>::begin()?

At which OSI layer a user-generated data resides?

Is HostGator storing my password in plaintext?

Why do we use the plural of movies in this phrase "We went to the movies last night."?

How to make a variable always equal to the result of some calculations?

Is there a difference between "Fahrstuhl" and "Aufzug"

AWS security groups as custom source

0

I have a security group that contains all the IP range of my company and some ports it should be able to connect to defined in its inbound rule.

I understand that you can use a security group id as a custom source in another security group, which works for connections coming from instances with that security group attached to it.

Does this also mean that IP addresses specified in that security group works also?

So I want an RDS instance to accept connections from my company's IP range, I would just reference the security group and not just the instances/lambdas tagged with that security group ID.

This would save the stress of having to list those IP's any time I need them whitelist, rather I would just reference the security group.

Is this possible?

amazon-web-services security-groups

share|improve this question

asked 2 days ago

philip oghenerobo balogunphilip oghenerobo balogun

1136

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  a shortcut would be to use the subnet and internal ips of your VPC. so when you add 172.34.0.0/16, it would accept all communications internally!
  
  – saviour123
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If there are public IPs, just add them manually, eith one by one or with IP block!
  
  – saviour123
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'll like to have a security group that contains all these
  
  – philip oghenerobo balogun
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The security group doesn't handle the IPs in the security group rules. But the instance its attach to. This means that, when you add sec group to rds, it would accept communications from that server! you can also attach the same sec group to multiples servers!
  
  – saviour123
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I guess that answers my question. It would have been awesome if this was possible. Adding the IP block as suggested is pretty easy too, but having a way to define them somewhere(what looks like a security group) especially if you have external clients with public facing IP address, it would be easy to grant them access to 1 or more of your resources by groups or whatsoever.
  
  – philip oghenerobo balogun
  2 days ago
  

  
  
  
  

add a comment | 

0

I have a security group that contains all the IP range of my company and some ports it should be able to connect to defined in its inbound rule.

I understand that you can use a security group id as a custom source in another security group, which works for connections coming from instances with that security group attached to it.

Does this also mean that IP addresses specified in that security group works also?

So I want an RDS instance to accept connections from my company's IP range, I would just reference the security group and not just the instances/lambdas tagged with that security group ID.

This would save the stress of having to list those IP's any time I need them whitelist, rather I would just reference the security group.

Is this possible?

amazon-web-services security-groups

share|improve this question

asked 2 days ago

philip oghenerobo balogunphilip oghenerobo balogun

1136

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  a shortcut would be to use the subnet and internal ips of your VPC. so when you add 172.34.0.0/16, it would accept all communications internally!
  
  – saviour123
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If there are public IPs, just add them manually, eith one by one or with IP block!
  
  – saviour123
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'll like to have a security group that contains all these
  
  – philip oghenerobo balogun
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The security group doesn't handle the IPs in the security group rules. But the instance its attach to. This means that, when you add sec group to rds, it would accept communications from that server! you can also attach the same sec group to multiples servers!
  
  – saviour123
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I guess that answers my question. It would have been awesome if this was possible. Adding the IP block as suggested is pretty easy too, but having a way to define them somewhere(what looks like a security group) especially if you have external clients with public facing IP address, it would be easy to grant them access to 1 or more of your resources by groups or whatsoever.
  
  – philip oghenerobo balogun
  2 days ago
  

  
  
  
  

add a comment | 

I have a security group that contains all the IP range of my company and some ports it should be able to connect to defined in its inbound rule.

I understand that you can use a security group id as a custom source in another security group, which works for connections coming from instances with that security group attached to it.

Does this also mean that IP addresses specified in that security group works also?

So I want an RDS instance to accept connections from my company's IP range, I would just reference the security group and not just the instances/lambdas tagged with that security group ID.

This would save the stress of having to list those IP's any time I need them whitelist, rather I would just reference the security group.

Is this possible?

amazon-web-services security-groups

share|improve this question

asked 2 days ago

philip oghenerobo balogunphilip oghenerobo balogun

1136

share|improve this question

asked 2 days ago

philip oghenerobo balogunphilip oghenerobo balogun

1136

share|improve this question

asked 2 days ago

philip oghenerobo balogunphilip oghenerobo balogun

1136

asked 2 days ago

philip oghenerobo balogunphilip oghenerobo balogun

1136

asked 2 days ago

philip oghenerobo balogunphilip oghenerobo balogun

1136

1 Answer
1

active

oldest

votes

0

The use case you're describing is not possible. As stated in the AWS document,

Another security group. This allows instances associated with the
specified security group to access instances associated with this
security group. This does not add rules from the source security group
to this security group.

share|improve this answer

answered yesterday

sudosudo

1714

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960284%2faws-security-groups-as-custom-source%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

The use case you're describing is not possible. As stated in the AWS document,

Another security group. This allows instances associated with the
specified security group to access instances associated with this
security group. This does not add rules from the source security group
to this security group.

share|improve this answer

answered yesterday

sudosudo

1714

add a comment | 

0

The use case you're describing is not possible. As stated in the AWS document,

Another security group. This allows instances associated with the
specified security group to access instances associated with this
security group. This does not add rules from the source security group
to this security group.

share|improve this answer

answered yesterday

sudosudo

1714

add a comment | 

The use case you're describing is not possible. As stated in the AWS document,

Another security group. This allows instances associated with the
specified security group to access instances associated with this
security group. This does not add rules from the source security group
to this security group.

share|improve this answer

answered yesterday

sudosudo

1714

share|improve this answer

answered yesterday

sudosudo

1714

answered yesterday

sudosudo

1714

answered yesterday

sudosudo

1714