Allow traffic from any instance in AWS VPC
'm trying to create a security group that allows all inbound traffic originating from within my VPC. I thought I could simply specify my CIDR block, but that doesn't seem to work and requests fail unless I create a rule which allows inbound traffic from anywhere.
What's the right way to allow inbound traffic from any EC2 instance within the same VPC?
Add the CIDR block of your VPC to your ingress rules of your security group.
You will also need to ensure that egress rules are configured for your other security groups to allow outbound traffic from your instances. Again, you can limit it to the same CIDR block.
For example, if your VPC CIDR block was 10.0.0.0/16
, then:
- On your target security group, add an ingress rule on the desired port for
10.0.0.0/16
. - On all possible source security groups, add an egress rule on the desired port for
10.0.0.0/16
.
However, to be more secure, I would recommend permitting traffic based on security group rather than CIDR block. For example:
- On your target security group, add an ingress rule on the desired port for the source security group.
- On your source security group, add an egress rule on the desire port for the target security group.