Communicate within same EC2 Security Group

amazon-web-services amazon-ec2

The behavior you describe is normal, since when communicating between instances via elastic IP, the identity of the machine within the security group -- for purposes of security group configurations relying on an sg-xxxxxxxx source -- can't really be established with full confidence, because translating the addresses sends the traffic (presumably) through intermediate hardware and the traffic no longer is being seen as originated directly from the instance.

The solution is to name your hosts in DNS with CNAME records pointing to the public DNS record, instead of A records pointing to a specific IP address.

In the company.com DNS zone:

worker-1   IN  CNAME  xx-xx-xx-xx.compute-1.amazonaws.com.

Now, worker-1.company.com will resolve to the private IP if queried from inside, and the public IP from outside.

Related

Run included ansible task as standalone task
OpenSSL always shows "unsupported" for all subjectAltName "otherName" UTF8 values
new DNS zone with Forward to external DNS
How do I generate an IAM policy for making snapshots?
Remount root RW without reboot
How do I access a google cloud storage bucket using a service account from the command line?
Packet captures: filtering on RX vs TX
Unable to map a network drive from a Windows NT PC, to a Windows 2000 PC
Possible to authenticate Samba via Kerberos but without domain-join?
tail -f not following log file in Docker container
Windows 2012 RDS Server asking for Licensing Mode when it's already set?
In OpenVPN, what's the risk of omitting the key-direction when using tls-auth?