Allow ports on EC2 only for Heroku

I have some services - MySQL, some HTTP services - which I would like to have open for Heroku exclusively. I can define an IP address / IP mask (I am not sure what it is in EC2 security groups). Which IP or mask fits only Heroku? I guess Heroku has more IPs it can possibly access my EC2 instance from.

How can I allow access to some EC2 ports only for Heroku?


As described in Heroku's devcenter, to open your EC2 server to Heroku you can use the command:

$ ec2-authorize YOURGROUP -P tcp -p 3306 -u 098166147350 -o default

This will create a rule in the security group YOURGROUP from Heroku that will allow Heroku to connect to your server through TCP port 3306.

When connecting from the Heroku App to the EC2 server, instead of using the elastic IP, you should use the full public DNS record: ec2-x-x-x-x.compute-1.amazonaws.com.

Sources:

https://devcenter.heroku.com/articles/external-services

https://forums.aws.amazon.com/message.jspa?messageID=209565
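
An added example, not part of the answer above or of Heroku's documentation: the rule grants access by source security group (account 098166147350, group default) rather than by IP range, so this check confirms that a port is reachable only through that group pair. The JSON is a constructed sample shaped like `aws ec2 describe-security-groups` output; the group names db-locked and db-leaky, the address 203.0.113.7 and the account 111122223333 are made up.

```python
import json

HEROKU_ACCOUNT = "098166147350"  # account ID taken from the ec2-authorize command
HEROKU_GROUP = "default"         # source group name from the same command

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "db-locked", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
     "UserIdGroupPairs": [{"UserId": "098166147350", "GroupName": "default"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "UserIdGroupPairs": []}]},
  {"GroupName": "db-leaky", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "UserIdGroupPairs": [{"UserId": "098166147350", "GroupName": "default"}]},
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "IpRanges": [],
     "UserIdGroupPairs": [{"UserId": "111122223333", "GroupName": "other"}]}]}
]}
""")

def covers(perm, port):
    """True if this permission entry applies to the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" = all protocols, all ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def audit_port(group, port):
    """List every source that can reach `port` other than the Heroku group."""
    findings, heroku_ok = [], False
    for perm in group.get("IpPermissions", []):
        if not covers(perm, port):
            continue
        for key, field in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6")):
            findings += [f"cidr {r[field]}" for r in perm.get(key, [])]
        for pair in perm.get("UserIdGroupPairs", []):
            name = pair.get("GroupName") or pair.get("GroupId")
            if pair.get("UserId") == HEROKU_ACCOUNT and name == HEROKU_GROUP:
                heroku_ok = True
            else:
                findings.append(f"group {pair.get('UserId')}/{name}")
    if not heroku_ok:
        findings.append("missing Heroku source-group rule")
    return findings

if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        print(g["GroupName"], audit_port(g, 3306) or "OK")
```

An empty list means the port is open to the Heroku source group and nothing else; port ranges that happen to include 3306 are reported as well.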


I asked Heroku support the same question. They said to use the same configuration used for Amazon RDS.

https://devcenter.heroku.com/articles/amazon_rds