I helped a friend to connect two Windows EC2 instances on AWS.
The nature of the project did not require an Amazon VPC, and so my approach was as follows:
1- Using RDP, I connected to each server and tried to ping the other server. I did not expect the two instances to be able to reach each other.
2- For each EC2 instance, I jotted down the IP and the Security Group ID.
3- I opened the security group of the first EC2.
4- The changes we need are part of the Inbound rules. I needed to add a new rule to allow incoming traffic from each EC2 to the other one.
5- From Add Rule, I selected ICMP-IPv4 as the rule type, selected the Custom option for the Source and finally, selected the security group of the other server. Click on the Save button.
Now, I could ping the target EC2.
By repeating steps 3, 4 and 5 for the second EC2, I opened that server to the first EC2.
You could select specific services such as SSH, HTTP, or even open a particular port for communication.
Share files between the two instances
So far, we have allowed ICMP traffic between the two instances, and now we can ping between both instances successfully.
The next step is to access shared folders between the two instances.
This step is critical. We have to open a few ports and add a few new rules to our security groups to allow file sharing between our instances.
Microsoft Knowledgebase provides a lot of information as to how to enable file sharing and manage the firewall.
The following ports are associated with file sharing and server message block (SMB) communications:
- Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
- Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).
Add new rules to each security group to enable the necessary ports:
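As an added example, not from the original post, the same rules built with boto3 instead of the console: each group's inbound rules reference the other group's ID (UserIdGroupPairs) rather than an IP range, so only the peer instance is admitted. The group IDs and region are placeholders.

```python
"""Allow ICMP and SMB between two EC2 security groups by referencing the peer
group ID instead of a CIDR. Group IDs and region below are placeholders."""
from __future__ import annotations

# Hypothetical IDs: replace with the two instances' security group IDs.
SG_A = "sg-0aaaaaaaaaaaaaaaa"
SG_B = "sg-0bbbbbbbbbbbbbbbb"

# Port ranges listed in the post for SMB / NetBIOS file sharing.
SMB_PORT_RANGES = [
    ("tcp", 135, 139),
    ("udp", 135, 139),
    ("tcp", 445, 445),
    ("udp", 445, 445),
]


def ingress_from_peer(peer_sg: str) -> list[dict]:
    """Build IpPermissions that admit traffic only from peer_sg."""
    pair = [{"GroupId": peer_sg}]
    # ICMP has no ports; -1/-1 means all ICMP types and codes.
    perms = [{"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "UserIdGroupPairs": pair}]
    for proto, lo, hi in SMB_PORT_RANGES:
        perms.append({"IpProtocol": proto, "FromPort": lo, "ToPort": hi, "UserIdGroupPairs": pair})
    return perms


def is_scoped_to_group(perm: dict) -> bool:
    """True when the rule names a security group and carries no CIDR (no 0.0.0.0/0)."""
    return bool(perm.get("UserIdGroupPairs")) and not perm.get("IpRanges") and not perm.get("Ipv6Ranges")


def apply_rules(sg_id: str, peer_sg: str, region: str = "us-east-1") -> int:
    """Make sg_id accept ICMP and SMB from peer_sg; returns the number of rules sent."""
    import boto3  # imported here so the helpers above work without boto3 installed

    ec2 = boto3.client("ec2", region_name=region)
    perms = ingress_from_peer(peer_sg)
    # Raises InvalidPermission.Duplicate if an identical rule already exists.
    ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=perms)
    return len(perms)


if __name__ == "__main__":
    # Steps 3-5 for the first instance, then repeated for the second.
    apply_rules(SG_A, peer_sg=SG_B)
    apply_rules(SG_B, peer_sg=SG_A)
```

Running the script needs AWS credentials with ec2:AuthorizeSecurityGroupIngress; the helper functions themselves need no network access.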
After you have updated your Security Groups, you have to make sure to open the same ports in the Windows Firewall on your EC2 instances.
A restart of the instances might be needed.