Thursday, June 15, 2017

amazon ec2 - How to list EC2 security group *rules* from within instance?

I have SSH root access to an EC2 instance but no access to the AWS Console / AWS key & secret.

My incoming traffic to this host on all TCP ports except TCP 22 seems to be blocked - I cannot access my services (for example nginx on port 80) from the outside.

nmap shows these ports as filtered, while port 22 is shown as open when SSH is running and closed when SSH is temporarily shut down.

ICMP and UDP are also blocked. (I used ping, nc and some other tools to check that.)

I know that my instance is in some custom, non-default EC2 Security Group named, let's say, my-security-group, but I don't know its rules.

How do I list these rules with the access level I have got?

Update 1: My iptables rules are empty - let's assume that I am sure that it's the Security Group that is blocking my traffic.


Answer

You can't. You can get a list of groups you're in at http://169.254.169.254/latest/meta-data/security-groups but it won't give you the rules themselves.
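
The metadata lookup the answer points at, written out as an added example (this is not code from the original question or answer): a Python 3 script that queries the instance metadata service from inside the instance and prints every security group name and ID attached to each network interface, plus whether the instance carries an IAM instance profile. Two things here go beyond the 2017 answer and are my additions: the IMDSv2 token handshake (introduced in 2019; the script falls back to plain IMDSv1 if the PUT fails, which covers an instance like the one in the question), and the check of /latest/meta-data/iam/security-credentials/. The MAC address and sg- ID in the built-in --demo sample are constructed for illustration, not taken from the page.

```python
#!/usr/bin/env python3
"""Added example (not from the original post): enumerate the security groups an EC2
instance belongs to, from inside the instance, using only the instance metadata
service (IMDS). No AWS credentials are needed. As the answer says, IMDS exposes
group names and IDs but never the rules themselves."""
import json
import sys
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"
MACS = "/latest/meta-data/network/interfaces/macs/"


def imds_token():
    """IMDSv2 session token (added by AWS in 2019, after this post). Returns None
    when the instance only answers IMDSv1 or the metadata service is unreachable."""
    req = urllib.request.Request(
        IMDS + "/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.read().decode()
    except urllib.error.URLError:   # HTTPError is a subclass, so 4xx lands here too
        return None


def imds_get(path, token=None):
    """GET one metadata path. Returns the body, or None on 404 (path not present,
    e.g. /iam/ on an instance without an instance profile)."""
    headers = {"X-aws-ec2-metadata-token": token} if token else {}
    req = urllib.request.Request(IMDS + path, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise


def parse_listing(body):
    """IMDS directory listings are newline separated; sub-paths end in '/'."""
    if not body:
        return []
    return [line.strip().rstrip("/") for line in body.splitlines() if line.strip()]


def security_groups(get):
    """Collect group names/IDs per network interface and any IAM role names.
    `get` is a callable path -> body, so it can be swapped for an offline fake."""
    report = {"primary": parse_listing(get("/latest/meta-data/security-groups")),
              "interfaces": {}, "roles": []}
    for mac in parse_listing(get(MACS)):
        report["interfaces"][mac] = {
            "names": parse_listing(get(MACS + mac + "/security-groups")),
            "ids": parse_listing(get(MACS + mac + "/security-group-ids")),
        }
    # A role here means the instance holds temporary credentials that might be
    # allowed to call ec2:DescribeSecurityGroups - the only route to the rules.
    report["roles"] = parse_listing(get("/latest/meta-data/iam/security-credentials/"))
    return report


# Constructed sample of IMDS responses for running this offline (--demo);
# the MAC and the sg- ID are made up for illustration.
SAMPLE_IMDS = {
    "/latest/meta-data/security-groups": "my-security-group\n",
    MACS: "0e:49:61:0f:c3:11/\n",
    MACS + "0e:49:61:0f:c3:11/security-groups": "my-security-group\n",
    MACS + "0e:49:61:0f:c3:11/security-group-ids": "sg-0123456789abcdef0\n",
    # no /iam/ entry: the sample instance has no instance profile
}


def main():
    if "--demo" in sys.argv:
        report = security_groups(SAMPLE_IMDS.get)
    else:
        token = imds_token()
        try:
            report = security_groups(lambda path: imds_get(path, token))
        except urllib.error.URLError as exc:
            sys.exit(f"IMDS unreachable ({exc.reason}); not on EC2? try --demo")
    print(json.dumps(report, indent=2))
    if report["roles"]:
        ids = [i for sg in report["interfaces"].values() for i in sg["ids"]]
        print("Instance profile present: try "
              "aws ec2 describe-security-groups --group-ids " + " ".join(ids))
    else:
        print("No instance profile: the rules cannot be read from inside this instance.")


if __name__ == "__main__":
    main()
```

Run it on the instance as python3 sg_from_imds.py (or with --demo anywhere). It confirms the answer: you get names and IDs, never rules. The one route around that from inside the box is an instance profile. If /latest/meta-data/iam/security-credentials/ lists a role, the temporary credentials behind it may be permitted to call aws ec2 describe-security-groups --group-ids <id>, which does return the rules; whether that works depends entirely on the role's IAM policy, and the questioner's statement that they have no key and secret only rules out long-term credentials, not an attached role.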