问题
From the doc: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules
Source or destination: The source (inbound rules) or destination (outbound rules) for the traffic. Specify one of these options:
(...)
Another security group. This allows instances associated with the specified security group to access instances associated with this security group. This does not add rules from the source security group to this security group. You can specify one of the following security groups:
The current security group.
As someone tried it?
I created 2 boxes BoxA, BoxB. I created a Security group GroupA with inbound from Source GroupA on port "All port". If I try from BoxA to telnet BoxB on port 9000 with BoxB having a simpleHttpServer on port 9000 I get nothing.
What could I do wrong?
回答1:
I found my answer: Can't communicate between two ec2 instances in the same security group via public ip address?
Need to use private IP or whitelist the public IPs. I wish it was described in the documentation.
回答2:
I was confused about what it exactly means to add another security group in Source (Inbound Rules) and Destination (Outbound Rules) when adding a new rule. I found the explanation given below (source: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRule) very useful.
"When you specify a security group as the source for a rule, traffic is allowed from the elastic network interfaces (ENI) for the instances associated with the source security group for the specified protocol and port. Adding a security group as a source does not add rules from the source security group."
来源:https://stackoverflow.com/questions/45416882/aws-security-group-include-another-security-group