How to securely connect an AWS load balancer to EC2 instances

Here’s the magic sauce to securely allow traffic to your webservers only from your load balancer. Run the following:

ec2-authorize --region REGION -C /path/to/cert.pem -K /path/to/key.pem ELB_NAME -u OWNER_ALIAS -o SOURCE_SECURITY_GROUP

The tricky bits for me were:

  • having to generate an X.509 key and cert just for this purpose (there’s gotta be a way to do that from the web console)
  • OWNER_ALIAS above and in the web console equates to SOURCE-OR-DEST-GROUP-USER in the ec2-authorize(1) manpage.
  • SOURCE_SECURITY_GROUP above and in the web console equates to SOURCE-OR-DEST-GROUP in the ec2-authorize(1) manpage.
  • to remember to include --region

The documentation for this is confusing to someone like me who doesn’t know much AWS security-group terminology.

As far as I know, there’s no way to perform, view, or manage this special security setting through the web console.
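Since the console won’t show this rule, the practical way to confirm that the web-server group really admits HTTP/HTTPS only from the load balancer’s group is to pull the group description through the API and audit it. The script below is an added example, not code from the original post: it works over output in the shape of the EC2 DescribeSecurityGroups response (SecurityGroups[].IpPermissions[], as the AWS CLI prints it), and it assumes the classic ELB identity of owner alias amazon-elb and source group amazon-elb-sg; the JSON samples are constructed, and the group name and IDs in them are placeholders.

```python
"""Audit a web-server security group: HTTP/HTTPS ingress must come only from
the load balancer's security group, never from a CIDR range."""
import json

# Assumed classic-ELB identity (the OWNER_ALIAS / SOURCE_SECURITY_GROUP pair
# passed to ec2-authorize). Check the values for your own account.
ELB_OWNER_ALIAS = "amazon-elb"
ELB_SOURCE_GROUP = "amazon-elb-sg"
WEB_PORTS = (80, 443)


def _covers_port(perm, port):
    """True if an IpPermissions entry applies to TCP traffic on `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
    if lo == -1 or hi == -1:     # -1 means "all ports" for this protocol
        return True
    return lo <= port <= hi


def audit_web_ingress(describe_json, group_name, elb_owner=ELB_OWNER_ALIAS,
                      elb_group=ELB_SOURCE_GROUP, web_ports=WEB_PORTS):
    """Return a sorted list of findings for `group_name`. An empty list means
    every web port is reachable only from the load balancer's group."""
    groups = json.loads(describe_json)["SecurityGroups"]
    sg = next((g for g in groups if g["GroupName"] == group_name), None)
    if sg is None:
        return [f"security group {group_name!r} not found"]
    findings = []
    for port in web_ports:
        elb_rule_seen = False
        for perm in sg.get("IpPermissions", []):
            if not _covers_port(perm, port):
                continue
            # Any CIDR source on a web port bypasses the load balancer.
            for rng in perm.get("IpRanges", []):
                findings.append(f"tcp/{port} open to CIDR {rng['CidrIp']}")
            # Group sources are fine only if they are the ELB's own group.
            for pair in perm.get("UserIdGroupPairs", []):
                owner = pair.get("UserId")
                name = pair.get("GroupName") or pair.get("GroupId")
                if owner == elb_owner and name == elb_group:
                    elb_rule_seen = True
                else:
                    findings.append(f"tcp/{port} open to group {name} owned by {owner}")
        if not elb_rule_seen:
            findings.append(f"tcp/{port} has no ingress rule from {elb_owner}/{elb_group}")
    return sorted(findings)


def _sample(https_from_elb):
    """Constructed DescribeSecurityGroups-style output (placeholder IDs)."""
    https_rule = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                  "IpRanges": [], "UserIdGroupPairs": []}
    if https_from_elb:
        https_rule["UserIdGroupPairs"] = [
            {"UserId": ELB_OWNER_ALIAS, "GroupName": ELB_SOURCE_GROUP}]
    else:
        https_rule["IpRanges"] = [{"CidrIp": "0.0.0.0/0"}]   # the mistake to catch
    return json.dumps({"SecurityGroups": [{
        "GroupName": "webservers", "GroupId": "sg-00000000",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
             "UserIdGroupPairs": [{"UserId": ELB_OWNER_ALIAS,
                                   "GroupName": ELB_SOURCE_GROUP}]},
            https_rule,
            # SSH from an admin range is outside the web-port audit.
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        ]}]})


LEAKY_SAMPLE = _sample(https_from_elb=False)
FIXED_SAMPLE = _sample(https_from_elb=True)

if __name__ == "__main__":
    for label, doc in (("leaky", LEAKY_SAMPLE), ("fixed", FIXED_SAMPLE)):
        print(label, audit_web_ingress(doc, "webservers") or "OK")
```

Feed it the real description (`ec2-describe-group` in the old tools, or the DescribeSecurityGroups JSON from the current CLI) and treat any finding as a rule that lets clients reach the web servers around the load balancer.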