Are Amazon EC2 Private IPs reachable from any instance running in EC2?

Amazon EC2 provides security groups, which your instance is a part of; these allow you to grant permissions to other groups of hosts on your account or other external hosts. See the [User Guide][1] -> Concepts -> Network security for a little overview.

Normally in the "default" security group you have full access to other members in the group (i.e. all of your other default hosts) and no external inbound access. Other hosts inside EC2 that are on other accounts, or on your account but not in the "default" group, will not be able to access your instance.

You can add rules for a security group to grant access to other security groups, or add rules to grant access to IP addresses/ranges.

To answer your question a bit more directly: so long as your security group rules only allow access from the same group, then your instances should be firewalled from access by any other customer, even though they share the same IP space.

[1]: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/ "EC2 User Guide"
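The condition in the answer above ("rules only allow access from the same group") can be checked mechanically. This is an added example, not part of the original answer: it audits constructed data in the shape of `aws ec2 describe-security-groups` output, and the group IDs, account numbers, CIDRs and function names are all made up for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# All IDs, account numbers and CIDRs below are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-aaaa1111", "GroupName": "default", "OwnerId": "111111111111",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
      "UserIdGroupPairs": [{"GroupId": "sg-aaaa1111", "UserId": "111111111111"}]}]},
  {"GroupId": "sg-bbbb2222", "GroupName": "web", "OwnerId": "111111111111",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [],
      "UserIdGroupPairs": [{"GroupId": "sg-cccc3333", "UserId": "222222222222"}]}]}
]}
""")

def port_label(perm):
    if perm.get("IpProtocol") == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f'{perm["IpProtocol"]}/{lo}' if lo == hi else f'{perm["IpProtocol"]}/{lo}-{hi}'

def external_ingress(group):
    """Return (ports, source) for every inbound rule that admits traffic
    from anything other than members of this same security group."""
    findings = []
    for perm in group.get("IpPermissions", []):
        ports = port_label(perm)
        for r in perm.get("IpRanges", []):
            findings.append((ports, r["CidrIp"]))  # any CIDR, private ranges included
        for r in perm.get("Ipv6Ranges", []):
            findings.append((ports, r["CidrIpv6"]))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != group["GroupId"]:
                owner = pair.get("UserId", group["OwnerId"])
                scope = "same account" if owner == group["OwnerId"] else f"account {owner}"
                findings.append((ports, f'{pair.get("GroupId")} ({scope})'))
    return findings

def audit(doc):
    return {g["GroupId"]: external_ingress(g) for g in doc["SecurityGroups"]}

if __name__ == "__main__":
    for gid, rules in audit(SAMPLE).items():
        print(gid, "self-only" if not rules else rules)
```

A group with an empty result matches the "same group only" case; a CIDR rule on a private range is reported because it is matched by address rather than by group membership.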


Gareth - I assume both groups have the SSH port open, thus successful SSH from one account to the other does not indicate your conclusion. The idea is simple - within a security group, all ports are open; outside access is per your definition, and for that matter, another group in Amazon is just the same as external access.