How to limit the SSH rule for environment when creating by AWS Console

Question

Hello,

I tried to create an Elastic Beanstalk environment in the AWS Management Console and found that when I specify a key pair in the Security configuration, EB creates an inbound rule that allows SSH (port 22) from 0.0.0.0/0.

I also tried to add another SG, but that only adds one more security group; the generated SG still has SSH open for all inbound traffic. I wonder if there is any way I can still SSH to my instance without creating an SSH rule for 0.0.0.0/0 (maybe limiting it to my IP only, etc.).

Answer by AWS

Hello,

Hope you are safe and doing well.

Thank you for contacting AWS Premium Support. I am Saurabh and I will be assisting you with the case today.

From your case notes, I understand that you tried to create an Elastic Beanstalk environment in the AWS Management Console and noticed that when you specify a key pair in the Security configuration, EB creates an inbound rule that allows SSH (port 22) from 0.0.0.0/0. You also tried to add another SG, but it only adds one more security group; the generated SG still has SSH open for all inbound traffic. You would like to know if there is any way that you can still SSH to your instance without creating an SSH rule for 0.0.0.0/0 (maybe limiting it to specific IPs only, etc.). Please feel free to correct me if I have misunderstood your concern here.

To start with, I would like to let you know that it is expected that when you create an environment with an SSH key defined, Beanstalk will open port 22 to the world. This is a service limitation as of now at our end, and I can see that we have an open feature request for the same. So I went ahead and added your case to that feature request. But being in Support, I am afraid I will not be able to share an ETA for the same; please keep an eye on the links below, where updates will get posted:

——

https://docs.aws.amazon.com/elasticbeanstalk/latest/relnotes/relnotes.html

https://aws.amazon.com/blogs/aws/

http://aws.amazon.com/new

——

Now, as a workaround, I would like to suggest that you add the following .ebextensions configuration:

option_settings:
  aws:autoscaling:launchconfiguration:
    # Format: protocol, from-port, to-port, source.
    # Replace IP_Range with the CIDR you connect from (e.g. 203.0.113.5/32), not 0.0.0.0/0.
    SSHSourceRestriction: tcp, 22, 22, IP_Range
Resources:
  AWSEBSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: VPC Security Group
      SecurityGroupIngress: []      # Removes the generated ingress rules from the default security group.

That being said, I would humbly request that you please try the aforementioned suggestion, and feel free to revert on the same case if you need any further help related to it or if you face any issue while applying it. I will be more than happy to help you with that.

I hope the above information is beneficial to you. Please feel free to write back to me if you have any further queries/questions regarding this case or if you think I have missed any of your concerns. I will always be there and more than happy to assist you further. Eagerly looking forward to hearing back from you.

Be safe and keep doing great!

Have a great day ahead and take care!

We value your feedback. Please share your experience by rating this correspondence using the AWS Support Center link at the end of this correspondence. Each correspondence can also be rated by selecting the stars in top right corner of each correspondence within the AWS Support Center.

Best regards,

Saurabh M.

Amazon Web Services
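After applying the workaround above, the thing worth verifying is that the environment's security groups no longer contain a port-22 rule sourced from 0.0.0.0/0 (or ::/0), since the Resources override and the SSHSourceRestriction option interact in the generated CloudFormation template. The following is an added example, not code from the original post or from AWS: it audits the JSON produced by `aws ec2 describe-security-groups --output json` for Internet-wide SSH exposure, and builds a validated `SSHSourceRestriction` value from a CIDR. The sample JSON, the group IDs and names, and the `ssh_source_restriction` helper are constructed for this example and are assumptions, not real AWS output.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`
# (assumption: only the fields used below are reproduced; IDs are made up).
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0example0default",
            "GroupName": "awseb-e-example-AWSEBSecurityGroup-EXAMPLE",
            "IpPermissions": [
                # The rule Beanstalk generates when a key pair is set: SSH from the world.
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
                 "UserIdGroupPairs": []},
                # HTTP only from the load balancer's group: not a finding.
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0example0lb"}]},
            ],
        },
        {
            "GroupId": "sg-0example0restricted",
            "GroupName": "awseb-e-example-restricted",
            "IpPermissions": [
                # SSH limited to a documentation-range CIDR: not a finding.
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [],
                 "UserIdGroupPairs": []},
            ],
        },
    ]
})

SSH_PORT = 22


def rule_covers_port(perm, port):
    """True if an IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules have no port fields
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def cidr_is_world(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a source that matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_open_ssh(describe_output_json, port=SSH_PORT):
    """Return [(group_id, cidr)] for every rule exposing `port` to the whole Internet."""
    data = json.loads(describe_output_json)
    findings = []
    for sg in data.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            for r in perm.get("IpRanges", []):
                if cidr_is_world(r["CidrIp"]):
                    findings.append((sg["GroupId"], r["CidrIp"]))
            for r in perm.get("Ipv6Ranges", []):
                if cidr_is_world(r["CidrIpv6"]):
                    findings.append((sg["GroupId"], r["CidrIpv6"]))
    return findings


def ssh_source_restriction(cidr, port=SSH_PORT):
    """Build the value for aws:autoscaling:launchconfiguration SSHSourceRestriction
    (format: protocol, from-port, to-port, source) and refuse world-open sources.
    Hypothetical helper written for this example."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects malformed or host-bit-set input
    if net.prefixlen == 0:
        raise ValueError("refusing to open SSH to the whole Internet: %s" % cidr)
    return "tcp, %d, %d, %s" % (port, port, net.with_prefixlen)


if __name__ == "__main__":
    for group_id, cidr in find_open_ssh(SAMPLE_DESCRIBE_OUTPUT):
        print("OPEN SSH: %s allows port 22 from %s" % (group_id, cidr))
    print("SSHSourceRestriction:", ssh_source_restriction("203.0.113.5/32"))
```

In practice, feed `find_open_ssh` the output of `aws ec2 describe-security-groups --group-ids <ids from the environment's instances>` after each deploy; a non-empty result means the override did not take effect and port 22 is still reachable from anywhere. The `-1` protocol case matters because an "all traffic" rule also exposes SSH even though no port fields are present.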
