I have two EC2 instances running in the same VPC; their private IP addresses are as follows:
- 10.0.1.74 - MongoDB instance
- 10.0.0.38 - Server 01
- 10.0.1.48 - Server 02
Is there a way to allow/open port 27017 of the MongoDB instance to all the IP addresses from the 10.0.0.0/24 and 10.0.1.0/24 subnets?
My current inbound settings are as follows.
If I use Server 01/02 public addresses here it works fine. But I want to allow access from the subnet level.
Is there any way to do that?
If I understood correctly and you mean to have a special rule in the ACL to allow only a subnet by its subnet id then it's not possible. In the ACL you can only specify the IP ranges.
I think that you already know, but the closest way to what you need in my opinion is to restrict access by means of security groups.
I suppose your MongoDB instance is on a dedicated EC2 with a specific network interface. Then you could easily create a custom security group such as db-security-group and put the rest of the EC2 machines in another specific security group named intranet-security-group.
Then let the db-security-group allow only ingress from intranet-security-group on port 27017.
By the way, have you already evaluated AWS DynamoDB?
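To make the two options concrete, here is an added example that is not part of the question or the answer above: a small offline model of how an EC2 security group evaluates inbound rules. It checks the CIDR-based rules the question asks for (10.0.0.0/24 and 10.0.1.0/24 on port 27017) and the group-reference rule the answer recommends (db-security-group admitting intranet-security-group on 27017). The rule and instance objects, the "Unknown host" entry and the public IP 203.0.113.10 are constructed for the illustration; the private addresses are the ones from the question. The model also encodes one real caveat of group references: they match traffic coming from the private address of a member interface, so traffic that reaches the database through a public address is not admitted.

```python
# Added example (not from the original question or answer): a minimal, offline
# model of EC2 security-group inbound evaluation for the MongoDB case above.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Instance:
    name: str
    private_ip: str
    groups: set = field(default_factory=set)  # security groups attached to its ENI


@dataclass
class IngressRule:
    """One inbound rule: a TCP port plus either a CIDR source or a source security group."""
    port: int
    cidr: Optional[str] = None          # e.g. "10.0.0.0/24"
    source_group: Optional[str] = None  # e.g. "intranet-security-group"

    def matches(self, src: Instance, src_ip: str, port: int) -> bool:
        if port != self.port:
            return False
        if self.cidr is not None:
            # CIDR rules look only at the source address on the wire.
            return ip_address(src_ip) in ip_network(self.cidr)
        # Group references match traffic from the private IP of a member
        # interface; traffic arriving via a public address does not match.
        return self.source_group in src.groups and src_ip == src.private_ip


def is_allowed(rules, src: Instance, port: int, via_ip: Optional[str] = None) -> bool:
    """Security groups are allow-lists: any single matching rule admits the flow.
    via_ip overrides the observed source address (e.g. the instance's public IP)
    while keeping the instance's group membership unchanged."""
    src_ip = via_ip or src.private_ip
    return any(rule.matches(src, src_ip, port) for rule in rules)


# Option 1 (what the question asks for): CIDR rules for the two private subnets.
CIDR_RULES = [
    IngressRule(port=27017, cidr="10.0.0.0/24"),
    IngressRule(port=27017, cidr="10.0.1.0/24"),
]

# Option 2 (what the answer recommends): reference the intranet group, not addresses.
SG_RULES = [IngressRule(port=27017, source_group="intranet-security-group")]

SERVER_01 = Instance("Server 01", "10.0.0.38", {"intranet-security-group"})
SERVER_02 = Instance("Server 02", "10.0.1.48", {"intranet-security-group"})
# Constructed host in a third subnet and a different group; not part of the question.
OUTSIDER = Instance("Unknown host", "10.0.2.9", {"other-group"})

if __name__ == "__main__":
    for label, rules in (("CIDR rules", CIDR_RULES), ("SG-reference rule", SG_RULES)):
        for inst in (SERVER_01, SERVER_02, OUTSIDER):
            print(f"{label}: {inst.name} -> 27017 allowed: {is_allowed(rules, inst, 27017)}")
    # Reaching the database through a public address (constructed 203.0.113.10)
    # fails under both rule sets, which is why public-IP rules and private-subnet
    # rules behave differently.
    print("Server 01 via public IP, CIDR rules:",
          is_allowed(CIDR_RULES, SERVER_01, 27017, via_ip="203.0.113.10"))
    print("Server 01 via public IP, SG rule:",
          is_allowed(SG_RULES, SERVER_01, 27017, via_ip="203.0.113.10"))
```

The group-reference form is the one to prefer: it keeps working when instances are replaced or get new private addresses, and membership is auditable from the instance side rather than from a list of CIDRs that must be kept in step with the VPC layout.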