AWS security groups don't work: the issue

Assuming Server A is trying to ping Server B, and Server B's security group has an inbound rule whose source is Server A's security group...

You need to make sure Server A reaches Server B via Server B's private DNS name (or private IP address), not Server B's public (or Elastic) IP address. Traffic sent to the public address leaves the VPC through the internet gateway and arrives at Server B with Server A's public IP as its source, and a rule that references a security group only ever matches the private IPs of that group's instances.

According to the documentation:

Incoming traffic is allowed based on the private IP addresses of the instances that are associated with the source security group (and not the public IP or Elastic IP addresses).
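The rule quoted above, worked through as an added example (this is illustrative code, not AWS's or the author's, and nothing in it calls AWS). The instance and security-group records are constructed by hand in the shape of boto3's describe_instances / describe_security_groups output; the instance IDs, group IDs, addresses and DNS names are made up. It evaluates Server B's inbound rules for a packet from Server A, first when A targets B's private address and then when A targets B's Elastic IP, and shows why only the first is allowed.

```python
"""Model of how an EC2 security-group reference rule is evaluated.

Added example, not AWS code. All records below are constructed samples
shaped like boto3 output; the IDs, addresses and names are hypothetical.
"""
import ipaddress

# Constructed sample: Server A (source) and Server B (destination).
INSTANCES = {
    "i-aaaaaaaa": {
        "Name": "Server A",
        "SecurityGroups": ["sg-aaaaaaaa"],
        "PrivateIpAddresses": ["10.0.1.10"],          # primary private IP
        "PublicIpAddress": "203.0.113.10",            # assumed: A has a public IP
        "PrivateDnsName": "ip-10-0-1-10.ec2.internal",
    },
    "i-bbbbbbbb": {
        "Name": "Server B",
        "SecurityGroups": ["sg-bbbbbbbb"],
        "PrivateIpAddresses": ["10.0.2.20", "10.0.2.21"],  # primary + secondary
        "PublicIpAddress": "203.0.113.20",            # Elastic IP
        "PrivateDnsName": "ip-10-0-2-20.ec2.internal",
    },
}

# Constructed sample: B's group allows ICMP from A's group (a group reference)
# and SSH from an office CIDR. Shape mirrors boto3 IpPermissions entries.
SECURITY_GROUPS = {
    "sg-bbbbbbbb": {
        "IpPermissions": [
            {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
             "UserIdGroupPairs": [{"GroupId": "sg-aaaaaaaa"}], "IpRanges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        ]
    },
    "sg-aaaaaaaa": {"IpPermissions": []},
}


def private_ips_in_group(group_id):
    """All private IPv4 addresses (primary and secondary) of instances in group_id.
    This set, and not the instances' public/Elastic IPs, is what a group
    reference in a rule matches against."""
    ips = set()
    for inst in INSTANCES.values():
        if group_id in inst["SecurityGroups"]:
            ips.update(inst["PrivateIpAddresses"])
    return ips


def source_address_seen_by(dst_id, dst_addr, src_id):
    """Source IP that the destination's network interface sees.
    Traffic sent to one of B's private IPs stays inside the VPC and carries A's
    private IP. Traffic sent to B's public/Elastic IP hairpins through the
    internet gateway, which rewrites the source to A's public IP."""
    src, dst = INSTANCES[src_id], INSTANCES[dst_id]
    if dst_addr in dst["PrivateIpAddresses"]:
        return src["PrivateIpAddresses"][0]
    return src["PublicIpAddress"]


def rule_matches(perm, protocol, port, src_ip):
    """True if one IpPermissions entry admits `protocol`/`port` from `src_ip`."""
    if perm["IpProtocol"] not in ("-1", protocol):
        return False
    if perm["IpProtocol"] != "-1" and perm["FromPort"] != -1:
        if port is None or not (perm["FromPort"] <= port <= perm["ToPort"]):
            return False
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm["IpRanges"]):
        return True
    # Group reference: compare against the referenced group's private IPs only.
    return any(src_ip in private_ips_in_group(p["GroupId"])
               for p in perm["UserIdGroupPairs"])


def inbound_allowed(dst_id, target, src_id, protocol, port=None):
    """Evaluate dst's inbound rules for a packet from src to `target`, where
    `target` is an IP address or dst's private DNS name. Security groups
    default-deny inbound, so no matching rule means the packet is dropped.
    Returns (allowed, reason)."""
    dst = INSTANCES[dst_id]
    dst_addr = dst["PrivateIpAddresses"][0] if target == dst["PrivateDnsName"] else target
    src_ip = source_address_seen_by(dst_id, dst_addr, src_id)
    for group_id in dst["SecurityGroups"]:
        for perm in SECURITY_GROUPS[group_id]["IpPermissions"]:
            if rule_matches(perm, protocol, port, src_ip):
                return True, f"matched a rule in {group_id} for source {src_ip}"
    return False, f"no rule in {dst['SecurityGroups']} matches source {src_ip}"


if __name__ == "__main__":
    b = INSTANCES["i-bbbbbbbb"]
    for target in (b["PrivateDnsName"], b["PrivateIpAddresses"][0], b["PublicIpAddress"]):
        ok, why = inbound_allowed("i-bbbbbbbb", target, "i-aaaaaaaa", "icmp")
        print(f"ping {target:<28} -> {'ALLOWED' if ok else 'DROPPED'}: {why}")
```

The model assumes Server A has its own public IP; if A sits in a private subnet behind a NAT gateway, the source B sees for public-address traffic is the NAT gateway's Elastic IP instead, and the group reference still does not match. Adding A's public IP as a /32 CIDR rule would make the public path work, but it reintroduces exactly the hard-coded address the group reference was meant to avoid; pointing A at B's private DNS name is the fix.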

If you select an instance from the Instances page on the EC2 Dashboard you can see the instance’s public and private addresses.


The private IPv4 address of an EC2 instance launched in a VPC does not change for the life of the instance: it persists while the instance is running and while it is stopped, and it is released only when the instance is terminated.

When an instance is launched, its primary elastic network interface (ENI) is assigned a primary private IPv4 address from the IPv4 CIDR range of the subnet it is launched into, either auto-assigned or specified at launch.

That address stays assigned to the network interface until the interface is deleted. The primary network interface cannot be detached from the instance; it remains attached until the instance is terminated, at which point it is deleted. The primary private IP address of the primary interface cannot be removed or changed, but additional (secondary) private IP addresses can be assigned to the interface.

Written by

Magento/APP Cloud Architect. Melting metal server infrastructure into cloud solutions.
