To set up an integration (int) environment on AWS we launched a few instances. For security, we used a security group to restrict access to internal IP addresses only. But when we started a load balancer (LB), its health check would never succeed, no matter what we tried. After reading articles online, it turned out that the security group was blocking the LB's access!
In an ongoing effort to keep my company’s servers as secure as possible I decided I was going to lock down port 80 and 443 to only accept traffic from specific servers that needed access. Should be easy enough I thought, I could simply set up the security group and restrict the source IP or group. I set up a test EC2 instance and ran a quick test pointing directly to the instance and it worked. I then added the rules to the production security group and thought all was well. Not so fast … I failed to remember that the Elastic Load Balancer (ELB) needs to perform health checks on each instance to confirm they are running. The problem here is you cannot tell what IP address the ELB is using to add to the security group and you cannot assign a security group to the ELB.
The fix is to add amazon-elb/amazon-elb-sg as the source of the inbound rule in the instance's security group. That permits access on the health-check port from the load balancer only, without opening it to any IP range.
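The following is an added example, not code from the post above: a small audit check that reads an instance security group's inbound rules (in the `IpPermissions` shape returned by `ec2 describe-security-groups`) and reports whether the load balancer's health check on a given port can get through. It recognises both the EC2-Classic source `amazon-elb/amazon-elb-sg` described in the post and, in a VPC, a rule that references the load balancer's own security group ID. The sample rule sets and the security group ID `sg-0lbexample00000000` are constructed for the example; the check makes no AWS calls, so it runs offline on a saved `describe-security-groups` output.

```python
"""Check whether an instance security group admits a load balancer's health check.

Added example (not from the original post). Input is the ``IpPermissions`` list
as returned by ``aws ec2 describe-security-groups``; no AWS API calls are made.
"""

# EC2-Classic: the ELB's traffic is identified by this owner/group pair.
ELB_CLASSIC_SOURCE = {"UserId": "amazon-elb", "GroupName": "amazon-elb-sg"}

# VPC: the load balancer has its own security group; constructed ID for this example.
LB_VPC_SG = "sg-0lbexample00000000"

# Constructed sample: the post's "before" state, internal CIDR only.
BEFORE = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
]

# Constructed sample: the post's fix for EC2-Classic, amazon-elb/amazon-elb-sg as source.
AFTER_CLASSIC = BEFORE + [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [dict(ELB_CLASSIC_SOURCE)]},
]

# Constructed sample: the VPC equivalent, the load balancer's own SG as source.
AFTER_VPC = BEFORE + [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"UserId": "123456789012", "GroupId": LB_VPC_SG}]},
]


def rule_covers_port(rule, port):
    """True if the rule's protocol/port range includes a TCP health check on `port`."""
    if rule["IpProtocol"] == "-1":          # "all traffic" rule
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def lb_health_check_allowed(permissions, port, lb_sg_id=None):
    """Return True if some inbound rule admits the load balancer on `port`.

    Admits: a world-open CIDR (0.0.0.0/0), the EC2-Classic amazon-elb source,
    or (when `lb_sg_id` is given) a rule whose source is the LB's VPC security group.
    A private CIDR such as 10.0.0.0/8 is NOT counted: the ELB's health-check
    source address is not something you can enumerate and keep in a CIDR rule.
    """
    for rule in permissions:
        if not rule_covers_port(rule, port):
            continue
        if any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            return True
        for pair in rule.get("UserIdGroupPairs", []):
            if (pair.get("UserId") == ELB_CLASSIC_SOURCE["UserId"]
                    and pair.get("GroupName") == ELB_CLASSIC_SOURCE["GroupName"]):
                return True
            if lb_sg_id is not None and pair.get("GroupId") == lb_sg_id:
                return True
    return False


def audit(permissions, health_check_port, lb_sg_id=None):
    """Produce a one-line finding for the given health-check port."""
    if lb_health_check_allowed(permissions, health_check_port, lb_sg_id):
        return f"OK: load balancer health check on tcp/{health_check_port} is permitted"
    return (f"FAIL: no inbound rule admits the load balancer on tcp/{health_check_port}; "
            "add amazon-elb/amazon-elb-sg (EC2-Classic) or the LB's security group (VPC) as source")


if __name__ == "__main__":
    print("before:       ", audit(BEFORE, 80))
    print("after/classic:", audit(AFTER_CLASSIC, 80))
    print("after/vpc:    ", audit(AFTER_VPC, 80, lb_sg_id=LB_VPC_SG))
    # The health-check port is configured separately from the listener; check it too.
    print("after/vpc 443:", audit(AFTER_VPC, 443, lb_sg_id=LB_VPC_SG))
```

Run the check against the port the load balancer's health check is actually configured to use, which need not be the listener port; a rule that opens 80 to the load balancer does nothing for a health check configured on 443 or on a separate status port, and the audit above reports that case as a failure.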