I have a single Elastic Beanstalk instance which functions as the Admin dashboard rendering HTML templates and data fed from the database. This and the database are within a specific VPC.
Also within the VPC I have another single-instance Elastic Beanstalk application which functions as a web socket client saving data from an external service into the database. Those are the ingestion feeds in the diagram below.
The Ingestion feeds have HTTP REST endpoints I can hit from the admin dashboard which start/stop the ingestion feeds.
The problem I'm having is how to close off the Ingestion Feeds from outside of the VPC. I'd like it to only connect from the Admin Dashboard Elastic Beanstalk apps.
But I also want them to be able to connect to the external service via web sockets.
This should meet your requirements:
Admin Dashboard server: Security Group A
Ingestion Feeds server: Security Group B
Database server: Security Group C
Note:
From the documentation:
This should allow your Ingestion Feeds service to create a connection with the External Service and receive responses on that connection without any Inbound Rules assigned to the Ingestion Feeds instance.
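The stateful behaviour described in the answer above, as an added example that is not part of the original answer. It is a simplified model, not AWS's implementation: the group letters follow the answer, while the ports (80 for the REST endpoint, 443 for the external service) and the name `external-service` are assumptions.

```python
# Simplified model of stateful security-group filtering (illustration only).
# Group letters follow the answer; ports and peer names are assumed values.
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    port: int
    source_group: str  # the rule references a security group, not a CIDR


@dataclass
class Instance:
    group: str
    inbound: list = field(default_factory=list)
    allow_all_outbound: bool = True  # a new security group allows all outbound
    tracked: set = field(default_factory=set)

    def connect_out(self, remote: str, port: int) -> bool:
        """Open an outbound connection and track it so replies are admitted."""
        if not self.allow_all_outbound:
            return False
        self.tracked.add((remote, port))
        return True

    def accept_reply(self, remote: str, port: int) -> bool:
        """Return traffic passes only for a tracked outbound connection."""
        return (remote, port) in self.tracked

    def accept_new(self, peer_group: Optional[str], port: int) -> bool:
        """A new inbound connection needs a matching inbound rule."""
        return any(r.port == port and r.source_group == peer_group
                   for r in self.inbound)


def demo() -> dict:
    # Ingestion Feeds (group B): one inbound rule, sourced from group A only.
    feeds = Instance("B", inbound=[Rule(80, "A")])
    out = {
        "admin_to_feeds": feeds.accept_new("A", 80),        # dashboard in group A
        "internet_to_feeds": feeds.accept_new(None, 80),    # peer in no group
        "reply_before_connect": feeds.accept_reply("external-service", 443),
        "outbound_ok": feeds.connect_out("external-service", 443),
    }
    out["reply_after_connect"] = feeds.accept_reply("external-service", 443)
    return out


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {allowed}")
```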