Can instances in the same security groups communicate with each other anyhow?

Can instances in the same security groups in Amazon VPC communicate with each other anyhow?



Solution 1:[1]

It depends on the rules. The fact that two or more instances are associated with the same security group is not related to the allowed traffic.

A security group is a set of allowed-traffic rules, while the reference point is the instances themselves (meaning incoming traffic into the instance or outgoing traffic from the instance). Whether instances have access to each other depends on the security groups' rules and the network ACLs' rules.

The communication will not be blocked as long as there are rules that allow it. A communication can be RDP, ICMP, HTTP/S and more, but it should be allowed in both security groups and NACLs.

A note to remember: by default, AWS blocks ICMP communication (ping); therefore, although the security group may have an "All Traffic" allow rule, a ping request will fail if there is no specific rule that allows it.

Solution 2:[2]

Rules to connect to instances from an instance with the same security group

To allow instances that are associated with the same security group to communicate with each other, you must explicitly add rules for this.

The following table describes the inbound rule for a security group that enables associated instances to communicate with each other. The rule allows all types of traffic.

Protocol type | Protocol number | Ports    | Source IP
-1 (All)      | -1 (All)        | -1 (All) | The ID of the security group

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html

Solution 3:[3]

Security Group name used in the Source and Destination of firewall rules

To create a Security Group, we need to specify the firewall-type inbound and outbound rules.

Each rule consists of a protocol, a port number and the Source (for inbound) or Destination (for outbound) IP addresses that are allowed, not denied.

But why is it that we can indicate the Source or Destination as the name of a Security Group?

We do that because we want to refer to the IP addresses (for Source or Destination) of other appliances/instances which are associated with that specific Security Group. [Some people say these appliances/instances are in that specific Security Group.] But specifying a Security Group or IP address is one thing. For communication to be successful, the allowed protocol and port number should be explicitly stated in the rule as well.
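The point made in Solutions 2 and 3 (membership in a group allows nothing by itself; a rule whose source is the group's own ID allows members to reach each other, and only for the protocol and ports the rule names) can be checked with a small model of inbound security-group evaluation. This is an added example, not AWS code or code from any answer; the group IDs and addresses are constructed, and outbound rules and network ACLs are deliberately left out of the model.

```python
import ipaddress
from dataclasses import dataclass, field

ALL = -1  # "-1" in the AWS docs table means "all" protocols/ports

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp" or "-1" (all)
    from_port: int  # ALL for every port
    to_port: int
    source: str     # CIDR such as "10.0.0.0/16" or a security group ID "sg-..."

@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)

@dataclass
class Instance:
    private_ip: str
    groups: list  # SecurityGroup objects the instance is associated with

def rule_matches(rule, protocol, port, src):
    """Does one inbound rule permit this flow from instance `src`?"""
    if rule.protocol != "-1" and rule.protocol != protocol:
        return False
    if rule.from_port != ALL and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        # A group-ID source matches any instance in that group, whatever its IP.
        return any(g.group_id == rule.source for g in src.groups)
    return ipaddress.ip_address(src.private_ip) in ipaddress.ip_network(rule.source)

def inbound_allowed(src, dst, protocol, port):
    """Security groups are allow-lists: the flow passes if any rule on dst matches."""
    return any(rule_matches(r, protocol, port, src) for g in dst.groups for r in g.inbound)

def demo():
    web = SecurityGroup("sg-0123456789abcdef0")  # constructed IDs, not real groups
    a, b = Instance("10.0.1.10", [web]), Instance("10.0.1.11", [web])
    before = inbound_allowed(a, b, "tcp", 22)  # same group, no rules -> blocked
    web.inbound.append(Rule("-1", ALL, ALL, web.group_id))  # self-referencing rule
    after = inbound_allowed(a, b, "tcp", 22)  # now allowed
    db = SecurityGroup("sg-0fedcba9876543210", [Rule("tcp", 5432, 5432, web.group_id)])
    c = Instance("10.0.2.20", [db])
    # Source group alone is not enough; protocol and port must match the rule too.
    return before, after, inbound_allowed(a, c, "tcp", 5432), inbound_allowed(a, c, "tcp", 22)
```

Security groups are stateful, so the model only has to decide the initiating direction; a real deployment must also pass the subnet NACLs, which are stateless and evaluated separately.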

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Lior Kirshner
Solution 2 Nerijus Vaičiulis
Solution 3 Allan Kor