Elastic Beanstalk automatically creates a security group that allows all traffic on port 80. How can I disable this?

I am deploying the service on Elastic Beanstalk (EB). When you create an EB environment, it asks you to select a security group for the hosts running the application. No matter what you choose, EB will always use the selected security group in addition to the generated security group, which allows all external HTTP and HTTPS traffic on ports 80 and 443. Is there a way to disable this? I would like the allowed traffic to be determined by my selected security group. I do not want to allow external traffic.

+5
1 answer

If your environment uses Single Instance

Once the security group is created, you can always change it by going to EC2 => Security Groups => find the appropriate security group attached to the EC2 instance that was created (probably with some random characters, such as: awseb-e-thmgihexyz-stack-AWSEBSecurityGroup-6PG13Z3VXXX9) => Inbound => Edit => delete Inbound Port 80 and Inbound Port 443

Or a very similar method:

Go to EC2 => select the instance created by your EB application => scroll to the far left => if you see your security group, starting with awseb, select it => by default, it will go to the page of the security group => Edit => remove Inbound Port 80 and Inbound Port 443


If your environment uses load balancing

Go to the EB toolbar, click on your application => go to Configuration on the left => click on the Load Balancer settings icon in the upper left. There you will see Listener port: 80. Press 80 and switch it to OFF. You can also do this with Secure listener port: 443, which should not be enabled by default.

Update:

To dynamically update the Security Group's inbound traffic, use the EC2 SDK authorizeSecurityGroupIngress, documented HERE.

Hope this helps!

+1
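The console clean-up described in the answer can also be scripted. This is an added example, not part of the original answer: it reads data shaped like the EC2 DescribeSecurityGroups response and works out which world-open rules covering port 80 or 443 to revoke on groups whose name starts with `awseb-`, going slightly beyond the answer by also catching `::/0` and all-traffic rules. The function names, sample data and `sg-` IDs are constructed for illustration, and `apply_plan` assumes a boto3 EC2 client.

```python
OPEN_V4, OPEN_V6 = "0.0.0.0/0", "::/0"
WEB_PORTS = (80, 443)

def covers_web_port(perm):
    """True if the rule's protocol and port range include port 80 or 443."""
    proto = perm.get("IpProtocol")
    if proto != "tcp":
        return proto == "-1"  # "all traffic" rules carry no port range
    return any(perm["FromPort"] <= p <= perm["ToPort"] for p in WEB_PORTS)

def open_web_rules(group):
    """IpPermissions that revoke only the world-open CIDRs of matching rules."""
    to_revoke = []
    for perm in group.get("IpPermissions", []):
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == OPEN_V4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == OPEN_V6]
        if not covers_web_port(perm) or not (v4 or v6):
            continue  # other ports, or 80/443 reachable only from specific sources
        rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            rule["IpRanges"] = [{"CidrIp": OPEN_V4}]
        if v6:
            rule["Ipv6Ranges"] = [{"CidrIpv6": OPEN_V6}]
        to_revoke.append(rule)
    return to_revoke

def plan_revocations(describe_response, name_prefix="awseb-"):
    """Map GroupId -> rules to revoke for groups whose name starts with name_prefix."""
    plan = {}
    for group in describe_response.get("SecurityGroups", []):
        rules = open_web_rules(group)
        if group.get("GroupName", "").startswith(name_prefix) and rules:
            plan[group["GroupId"]] = rules
    return plan

def apply_plan(ec2, plan):  # ec2: a boto3 EC2 client (assumption)
    for group_id, rules in plan.items():
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=rules)

# Constructed sample shaped like describe_security_groups() output; IDs are made up.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "awseb-e-example-stack-AWSEBSecurityGroup-X",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "my-selected-sg",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}
```

Review the output of `plan_revocations` before passing it to `apply_plan`; rules that admit port 80 only from another security group, such as a load balancer's, are left in place.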

Source: https://habr.com/ru/post/1244455/

