We build EC2 instances, such as Linux instances, in AWS. Sometimes we need two EC2 instances to connect to each other so that they can exchange files, etc. However, by default this communication is not available.
We need to make some configuration changes to let two EC2 instances connect to each other. Here is a quick way to do it.
Prerequisite:
We have two Linux EC2 instances as below:
Note down the IP and the security group ID of each:
Instance ID: i-001bf8faf34df386f
Private IP: 172.31.23.137
Sec grp ID: sg-0ce7d465
------
Instance ID: i-0b6a20837dd74ba2c
Private IP: 172.31.25.150
Sec grp ID: sg-d0e7d4b9
Initially, when we tried to ping these servers from each end, the test was unsuccessful, as below:
Test 1:
[root@ip-172-31-23-137 ~]# ping 172.31.25.150
PING 172.31.25.150 (172.31.25.150) 56(84) bytes of data.
^C
--- 172.31.25.150 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
Test 2:
[root@ip-172-31-25-150 ~]# ping 172.31.23.137
PING 172.31.23.137 (172.31.23.137) 56(84) bytes of data.
^C
--- 172.31.23.137 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
Now, to make the two EC2 instances connect with each other, follow the steps below:
Step 1: Go to the Security Groups option in the left pane under NETWORK & SECURITY, as below:
Step 2: On the right side, select security group “sg-0ce7d465”, which is the security group of our first instance. Click on the Edit option as below:
Step 3: In the next popup window, click on the “Add Rule” button as below:
Step 4: Now select “All ICMP - IPv4” under the Type drop-down; for Source, select Custom and in the next box enter the security group ID of the other server, which is “sg-d0e7d4b9”. Click on the Save button.
After the above configuration we are able to ping the server “172.31.23.137” from the server 172.31.25.150, as below:
[root@ip-172-31-25-150 ~]# ping 172.31.23.137
PING 172.31.23.137 (172.31.23.137) 56(84) bytes of data.
64 bytes from 172.31.23.137: icmp_seq=1 ttl=64 time=0.632 ms
64 bytes from 172.31.23.137: icmp_seq=2 ttl=64 time=0.698 ms
64 bytes from 172.31.23.137: icmp_seq=3 ttl=64 time=0.646 ms
64 bytes from 172.31.23.137: icmp_seq=4 ttl=64 time=0.638 ms
^C
--- 172.31.23.137 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.632/0.653/0.698/0.036 ms
[root@ip-172-31-25-150 ~]#
To open the communication from the other (server) end, follow steps 1 to 3 for the other security group, “sg-d0e7d4b9”, and in step 4 enter the details below and click the Save button.
After the above configuration we are able to ping in the other direction as well, as below:
[root@ip-172-31-23-137 ~]# ping 172.31.25.150
PING 172.31.25.150 (172.31.25.150) 56(84) bytes of data.
64 bytes from 172.31.25.150: icmp_seq=1 ttl=64 time=0.538 ms
64 bytes from 172.31.25.150: icmp_seq=2 ttl=64 time=0.666 ms
64 bytes from 172.31.25.150: icmp_seq=3 ttl=64 time=0.562 ms
64 bytes from 172.31.25.150: icmp_seq=4 ttl=64 time=0.618 ms
^C
--- 172.31.25.150 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.538/0.596/0.666/0.049 ms
[root@ip-172-31-23-137 ~]#
So this is how we can make two EC2 instances connect to each other. For other ports or services, select the particular service, such as SSH, HTTP or even NFS, and make sure you set the source to Custom with the security group ID of the other server.
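The same two rules can be created from the command line instead of the console. The script below is an added example, not part of the original post; it assumes the AWS CLI is installed and configured, and the APPLY switch and function names are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: CLI equivalent of console steps 1-4, applied in both directions.
# The security group IDs are the ones noted in the prerequisite section.
SG_A="sg-0ce7d465"   # security group of 172.31.23.137
SG_B="sg-d0e7d4b9"   # security group of 172.31.25.150

# APPLY is a hypothetical switch for this example: by default the commands are
# only printed for review; run with APPLY=1 to execute them with the AWS CLI.
APPLY="${APPLY:-0}"

# valid_sg_id ID: accept only "sg-" followed by lowercase hex digits, so a CIDR
# such as 0.0.0.0/0 can never be passed as the source by mistake.
valid_sg_id() {
    case "$1" in
        sg-*) ;;
        *) return 1 ;;
    esac
    rest="${1#sg-}"
    [ -n "$rest" ] || return 1
    case "$rest" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# allow_icmp_from_sg TARGET_SG SOURCE_SG
# Adds an inbound "All ICMP - IPv4" rule (type/code -1) to TARGET_SG whose
# source is SOURCE_SG, i.e. only instances in SOURCE_SG are allowed in.
allow_icmp_from_sg() {
    target="$1"; source_sg="$2"
    valid_sg_id "$target" && valid_sg_id "$source_sg" || {
        echo "invalid security group id" >&2
        return 2
    }
    perm="IpProtocol=icmp,FromPort=-1,ToPort=-1,UserIdGroupPairs=[{GroupId=$source_sg}]"
    if [ "$APPLY" = "1" ]; then
        aws ec2 authorize-security-group-ingress --group-id "$target" --ip-permissions "$perm"
    else
        echo "aws ec2 authorize-security-group-ingress --group-id $target --ip-permissions '$perm'"
    fi
}

allow_icmp_from_sg "$SG_A" "$SG_B"   # lets 172.31.25.150 ping 172.31.23.137
allow_icmp_from_sg "$SG_B" "$SG_A"   # lets 172.31.23.137 ping 172.31.25.150
```

Because the source of each rule is a security group rather than an IP range, only instances attached to that group can send ICMP to the target.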
Altif says
That’s explained precisely. What if both instances share the same security group on, let’s say, ports 47500 – 47600? How would you achieve that? I’d appreciate your help.