I have an EC2 instance running an HTTP server in one security group (let's call it SG1) and a number of other EC2 instances in a second security group (SG2) which need to make requests to the first.
If I allow HTTP (TCP port 80) inbound traffic for 0.0.0.0/0, there is no problem.
If I replace that rule by specifying that inbound traffic is allowed from SG2, I can't access the server from anywhere (including the EC2 instances in SG2).
My ACL is permissive enough in either case (allowing all traffic) and, regardless, it doesn't change.
I should be able to allow inbound traffic by sgID as indicated by the following message that is displayed in the console when configuring SG1:
Determines the traffic that can reach your instance. Specify a single IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32). If connecting from behind a firewall, you'll need the IP address range used by the client computers. You can specify the name or ID of another security group in the same region. To specify a security group in another AWS account (EC2-Classic only), prefix it with the account ID and a forward slash, for example: 111122223333/OtherSecurityGroup.
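The part of the rule semantics that matters here, as an added illustration that is not AWS code and not from the original post: a rule whose source is another security group matches on the private addresses of the network interfaces that carry that group, not on their public or Elastic IPs, whereas a CIDR rule such as 0.0.0.0/0 matches whatever source address arrives. The model below reproduces that evaluation; the group ids, addresses and rules are all constructed.

```python
"""Model of how an AWS security-group ingress rule is evaluated.

Added illustration, not AWS code: every group id, address and rule below
is constructed. It reproduces the documented behaviour that a rule whose
source is another security group matches on the *private* addresses of
the network interfaces in that group, never on public or Elastic IPs.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class SecurityGroup:
    sg_id: str
    # private IPs of the network interfaces (instances) that carry this group
    member_private_ips: set[str] = field(default_factory=set)
    # ingress rules as (protocol, from_port, to_port, source);
    # source is either a CIDR string or the id of another security group
    ingress: list[tuple[str, int, int, str]] = field(default_factory=list)


def rule_matches(rule, groups, src_ip, dst_port, proto):
    """True if one ingress rule permits a flow from src_ip to dst_port."""
    r_proto, r_from, r_to, r_source = rule
    if r_proto != proto or not (r_from <= dst_port <= r_to):
        return False
    if r_source.startswith("sg-"):
        # Group-referenced source: only traffic whose source address is the
        # private IP of an interface in that group matches. A member that
        # connects via the target's public IP leaves through the IGW and
        # arrives with its public address, so it does not match.
        src_group = groups.get(r_source)
        return src_group is not None and src_ip in src_group.member_private_ips
    # CIDR source: plain address containment (mismatched IP versions are False)
    return ip_address(src_ip) in ip_network(r_source, strict=False)


def is_allowed(target, groups, src_ip, dst_port, proto="tcp"):
    """Security groups are allow-lists: any matching rule permits the flow."""
    return any(rule_matches(r, groups, src_ip, dst_port, proto) for r in target.ingress)


def demo():
    """Constructed scenario mirroring SG1 (server) and SG2 (clients)."""
    sg2 = SecurityGroup("sg-22222222", member_private_ips={"10.0.1.20", "10.0.1.21"})
    sg2_public_ip = "198.51.100.7"   # constructed public IP of one SG2 member
    laptop_ip = "203.0.113.10"       # constructed address outside the VPC

    # Variant A: the rule the poster says works
    sg1_world = SecurityGroup("sg-11111111", ingress=[("tcp", 80, 80, "0.0.0.0/0")])
    # Variant B: the rule the poster says breaks access
    sg1_from_sg2 = SecurityGroup("sg-11111111", ingress=[("tcp", 80, 80, "sg-22222222")])
    groups = {sg2.sg_id: sg2}

    return {
        "world_rule_from_internet": is_allowed(sg1_world, groups, laptop_ip, 80),
        "world_rule_from_sg2_private_ip": is_allowed(sg1_world, groups, "10.0.1.20", 80),
        # Reaching SG1 by its private IP/DNS from an SG2 instance matches
        "sg_rule_from_sg2_private_ip": is_allowed(sg1_from_sg2, groups, "10.0.1.20", 80),
        # Reaching SG1 by its public IP, even from an SG2 instance, does not
        "sg_rule_from_sg2_public_ip": is_allowed(sg1_from_sg2, groups, sg2_public_ip, 80),
        # Outside clients (a laptop, a browser) never match a group-sourced rule
        "sg_rule_from_laptop": is_allowed(sg1_from_sg2, groups, laptop_ip, 80),
        # The group reference is protocol/port scoped as well
        "sg_rule_wrong_port": is_allowed(sg1_from_sg2, groups, "10.0.1.20", 443),
    }


if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name:32s} {'ALLOW' if permitted else 'DENY'}")
```

The practical check this suggests: when SG1 only admits SG2, test from an SG2 instance against SG1's private IP or private DNS name, and expect tests from outside the VPC (or via SG1's public address) to fail by design; that is the rule working, not the rule being ignored.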