AWS Security group include another Security Group

Question

From the doc: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules

Source or destination: The source (inbound rules) or destination (outbound rules) for the traffic. Specify one of these options:

(...)

Another security group. This allows instances associated with the specified security group to access instances associated with this security group. This does not add rules from the source security group to this security group. You can specify one of the following security groups:

The current security group.

As someone tried it?

I created 2 boxes BoxA, BoxB. I created a Security group GroupA with inbound from Source GroupA on port "All port". If I try from BoxA to telnet BoxB on port 9000 with BoxB having a simpleHttpServer on port 9000 I get nothing.

What could I do wrong?

shashi shashi · Accepted Answer · 2019-09-11T16:56:14

I was confused about what it exactly means to add another security group in Source (Inbound Rules) and Destination (Outbound Rules) when adding a new rule. I found the explanation given below (source: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules) very useful.

"When you specify a security group as the source for a rule, traffic is allowed from the network interfaces that are associated with the source security group for the specified protocol and port. Incoming traffic is allowed based on the private IP addresses of the network interfaces that are associated with the source security group (and not the public IP or Elastic IP addresses). Adding a security group as a source does not add rules from the source security group."

AWS Security group include another Security Group

3 Answers