Sounds like both your backend and front end servers have public IP addresses and are in public subnets.
I’d move your backend server to a private subnet and only allow the front end private IP address in the security group on the backend server.
I just tried this, and I get the same issue. I made the subnet of my backend EC2 instance private by associating it to a route table that has one route with the VPC IP as the destination and local as the target (no route connected to internet gateway). Even if all the inbound/outbound rules of the NACL and backend security group accept all traffic, the frontend EC2 is still not able to talk to the backend EC2 unless I add a route that points to an internet gateway.
Make sure your backend server doesn't have a public IP.
How will the frontend EC2 be able to talk to the backend server if it doesn't have a public IP? I host my backend on a subdomain through route53 (hosted at [subdomain]/graphql), and need the frontend EC2 to make requests to [subdomain]/graphql. I also need to use HTTPS for my backend to prevent CORS issues with my frontend domain.
Are you sure that the frontend security group is attached to all the network interfaces of the frontend EC2 instance?
Yes, I only have 1 network interface with my frontend EC2 instance attached to it. Same for the backend EC2 instance.
I hope here you set up backup on public subnet, that's why when you change source to 0.0.0.0/0, it's getting traffic. But can you check that HTTPS traffic is passed to frontend first? Because you want HTTPS traffic to come from frontend SG to backend SG, for this requirement, frontend SG should have that traffic within that. If HTTPS is not configured in the inbound of frontend, then it will not be passed to backend as well.
Yes, HTTPS is configured in the frontend as well. And no, I didn't set a backup.