AWS security groups

Hey guys! I am trying out Rancher with AWS and Cattle. I'm just having trouble launching instances. It says it cannot connect to the public IP on port 2376 on the new instance, and that is because I only opened ports to the internal network on the rancher-machine security group. The problem is, I am using Route53 integration, and for that to work properly, Rancher needs to operate with the instance's public IP, not the internal one.
So, my question is: do you guys just leave the docker ports and the IPsec ports open to 0.0.0.0/0? Or should I try a different approach?

Rancher does not use the TCP docker port and does not need it exposed. The agent runs on each host and uses the local unix domain socket.

When you use docker-machine to create a host it insists on adding security group entries for SSH, Docker, and Swarm (22, 2376, 3376) ( https://github.com/docker/machine/issues/2543 ).
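An added audit check (not from this thread, Rancher or docker-machine) that reads one security group as returned by `aws ec2 describe-security-groups` and reports which of the ports named above are open to 0.0.0.0/0. The UDP 500/4500 entries for "the IPsec ports" and the sample group are assumptions constructed for the example.

```python
"""Flag ingress rules in an EC2 security group that expose docker-machine's
ports (22, 2376, 3376) or IPsec (UDP 500/4500) to the whole internet."""

# Ports docker-machine insists on opening, plus the standard IKE/NAT-T ports
# (assumed here; the thread only says "the IPsec ports").
SENSITIVE_PORTS = {
    ("tcp", 22): "SSH (docker-machine)",
    ("tcp", 2376): "Docker TLS API (not needed by the Rancher agent)",
    ("tcp", 3376): "Swarm manager (docker-machine default)",
    ("udp", 500): "IPsec IKE",
    ("udp", 4500): "IPsec NAT-T",
}
WORLD = {"0.0.0.0/0", "::/0"}

def world_open_rules(sg):
    """Return (protocol, port, description) for every sensitive port the group
    opens to 0.0.0.0/0 or ::/0. `sg` is one SecurityGroups[] entry from
    `aws ec2 describe-security-groups`."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
        cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
        if not cidrs & WORLD:
            continue  # restricted to specific CIDRs; fine
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for (p, port), desc in sorted(SENSITIVE_PORTS.items()):
            # IpProtocol "-1" means all traffic, so every port is exposed.
            if proto == "-1" or (proto == p and lo is not None and lo <= port <= hi):
                findings.append((p, port, desc))
    return findings

# Constructed sample shaped like describe-security-groups output (not real data).
SAMPLE_SG = {
    "GroupName": "rancher-machine",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 2376, "ToPort": 2376,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for proto, port, desc in world_open_rules(SAMPLE_SG):
        print(f"{SAMPLE_SG['GroupName']}: {proto}/{port} open to the world ({desc})")
```

Pipe the real `describe-security-groups` JSON into `json.load` and call `world_open_rules` on each `SecurityGroups[]` entry; any tcp/2376 hit is a rule the Rancher agent does not need.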


Is there an alternate way to create EC2 instances through Rancher? I’ve been looking through the docs without much luck. In the Cattle code, I’m only seeing settings for docker-machine, so I’m thinking that’s the only way for now.