I'm trying to create a security group that allows all inbound traffic originating from within my VPC. I thought I could simply specify my CIDR block, but that doesn't seem to work and requests fail unless I create a rule which allows inbound traffic from anywhere.
What's the right way to allow inbound traffic from any EC2 instance within the same VPC?
It will work just fine.
For example, if your VPC is setup with a CIDR range of 10.0.0.0/16, you can create a Security Group with an Inbound rule and a source of 10.0.0.0/16.
That will allow inbound access from any Elastic Network Interface (eg instance, load balancer, RDS instance) within the VPC.
Make sure that you access the target instance via its Internal IP Address. Using its Public IP Address will fail the Security Group check since it is coming from outside the allowed CIDR range.
