1
votes

I am trying to enable HTTPS on my AWS EC2 instance. I edited the security group and allowed port 443 for IPv4 and IPv6. But after adding HTTPS, when I save and check the list of inbound rules, I can't see it.

[Screenshot: Add rule]

[Screenshot: After adding rule]

Why does HTTPS not appear in the list?

1
I've noticed it as well; it seems to be replacing the "HTTPS" rule with "Custom TCP Rule" with the same port (443) - Matt Healy
@MattHealy: Any suggestion how to resolve this? - k k
There's not really anything to resolve - it seems to be purely a cosmetic difference. Ultimately you want to allow port 443 and that is the resulting configuration. - Matt Healy
Even I saw the same, so looks like it's common behaviour. - Sumit Murari

1 Answer

1
votes

This is the default behavior of security groups. If one or more rules specify the same port, AWS will apply only the most permissive rule for the action.

If you specify the same port number for more rules with the same IP type (IPv4 or IPv6), you will get the error "the same permission must not appear multiple times". As per your screenshot, you have selected different IP address types in the rules, which is why your rules were created successfully.

Note: Both rules will perform the same action (Custom TCP rule: 443 & HTTPS: 443).

If there is more than one rule for a specific port, we apply the most permissive rule. For example, if you have a rule that allows access to TCP port 22 (SSH) from IP address 203.0.113.1 and another rule that allows access to TCP port 22 from everyone, everyone has access to TCP port 22.

Ref: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html?icmpid=docs_ec2_console#security-group-rules
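Added example, not part of the original answer: a small Python check over a constructed rule list shaped like the `IpPermissions` field returned by `aws ec2 describe-security-groups`. It shows that a stored rule carries only protocol, port range and source ranges (no "HTTPS" label), and that rules combine as a union, so the most permissive one decides. The sample data and function names are assumptions for illustration; rules that reference other security groups or prefix lists are ignored.

```python
import ipaddress

# Constructed sample in the shape of "IpPermissions" from
# `aws ec2 describe-security-groups`. Note there is no "HTTPS" label:
# the console name is display-only, the rule is just tcp/443.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    # Two sources for port 22: one host and everyone (the quoted docs example).
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.1/32"}, {"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": []},
    # Port 8080 restricted to a single IPv4 host.
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "203.0.113.1/32"}], "Ipv6Ranges": []},
]


def rule_matches(perm, addr, port, protocol):
    """True if one permission entry allows addr to reach port/protocol."""
    if perm["IpProtocol"] not in ("-1", protocol):  # "-1" means all protocols
        return False
    if perm["IpProtocol"] != "-1":
        if not perm["FromPort"] <= port <= perm["ToPort"]:
            return False
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        # IPv4 and IPv6 sources are separate; compare like with like.
        if net.version == addr.version and addr in net:
            return True
    return False


def is_allowed(permissions, source_ip, port, protocol="tcp"):
    """Security group rules are allow-only: any matching rule permits traffic."""
    addr = ipaddress.ip_address(source_ip)
    return any(rule_matches(p, addr, port, protocol) for p in permissions)


if __name__ == "__main__":
    for ip, port in [("198.51.100.7", 443), ("2001:db8::1", 443),
                     ("198.51.100.7", 22), ("198.51.100.7", 8080)]:
        print(ip, port, is_allowed(SAMPLE_PERMISSIONS, ip, port))
```

Running the same check against the real output for a group confirms whether 443 is reachable over both IPv4 and IPv6, whatever name the console shows for the rule.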