Tags: amazon-web-services, amazon-ec2, aws-security-group, amazon-ecs

Unable to connect from AWS instance to same instance on public IP address


So I have an AWS instance and it's a member of a security group. I have a Route53 domain name set up pointing to an ELB above the instance; both the ELB and the instance are in the same security group.

When I add the security group to itself I am unable to curl https://my_url/, however when I remove the security group as the source on the ingress rule and replace it with the public IP address of the instance I am then able to curl the public domain name. Am I wrong in thinking that adding the security group into its own ingress rules should allow access to the box on its public IP address?

Am I best to place the ELB into a separate security group and add a rule to allow one SG to route to the other SG?

The reason I need to connect to the box on its own public IP is that I am using a security appliance running in another Docker instance on the same app server that will only bind to one URL, and I either have to come in from the public URL or start to run a separate BIND server that will return the private IP of my app instance, and this feels worse than using the public IP address.

Thanks for any help.


Solution

  • Give the Docker instance host an Elastic IP.

  • Note the IP address associated with the Elastic IP.

  • Add the IP address associated with the Elastic IP to the security group rules for the ELB, as a rule allowing traffic from that address on the appropriate port(s).
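As an added example (not code from the original question or answer, and not AWS's own implementation), the following Python models how a security group evaluates an inbound connection, using a constructed rule set in the shape of `aws ec2 describe-security-groups` output. It shows why the self-referencing rule from the question never matches a connection that the instance makes to its own public address, and why the answer's Elastic-IP/32 rule does: a rule whose source is a security group matches only packets whose source IP is a private address of an ENI in that group, whereas a connection to a public or Elastic IP is routed through the internet gateway and arrives with the public IP as its source. The group id, addresses, ENI membership and ports are assumed values.

```python
import copy
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group id, CIDRs and ports are assumed values, not from the original post.
# Rule 1 is the question's "group references itself" rule on 443; rule 2 is an
# ordinary CIDR rule for comparison.
DESCRIBE_SG_OUTPUT = json.loads("""
{
  "SecurityGroups": [
    {
      "GroupId": "sg-0a1b2c3d4e5f60789",
      "GroupName": "app-and-elb",
      "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d4e5f60789"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "UserIdGroupPairs": []}
      ]
    }
  ]
}
""")

# Assumed private addresses of the ENIs that belong to the group. A rule whose
# source is a security group matches only packets whose source IP is one of
# these; a packet from the instance's public/Elastic IP is not in this set.
ENI_PRIVATE_IPS = {"sg-0a1b2c3d4e5f60789": {"10.0.1.25", "10.0.2.40"}}

INSTANCE_PRIVATE_IP = "10.0.1.25"
INSTANCE_ELASTIC_IP = "198.51.100.7"   # assumed EIP allocated in step 1


def _matches_port(perm, protocol, port):
    """True if an IpPermissions entry covers this protocol/port."""
    proto = perm["IpProtocol"]
    if proto == "-1":            # "all traffic" rules carry no port range
        return True
    if proto != protocol:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sg_allows(sg, src_ip, protocol, port, eni_ips_by_group=ENI_PRIVATE_IPS):
    """Return (allowed, reason) for a packet from src_ip to protocol/port.

    Security groups are allow-lists with an implicit default deny, so any
    matching rule admits the packet and no matching rule drops it.
    """
    src = ipaddress.ip_address(src_ip)
    for perm in sg["IpPermissions"]:
        if not _matches_port(perm, protocol, port):
            continue
        for rng in perm.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return True, f"CidrIp {rng['CidrIp']}"
        for pair in perm.get("UserIdGroupPairs", []):
            if src_ip in eni_ips_by_group.get(pair["GroupId"], set()):
                return True, f"ENI in {pair['GroupId']}"
    return False, "no matching rule (default deny)"


def with_eip_ingress(sg, eip, port, protocol="tcp"):
    """Step 3 of the answer applied to a copy of the group: allow eip/32."""
    fixed = copy.deepcopy(sg)
    fixed["IpPermissions"].append({
        "IpProtocol": protocol, "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": f"{eip}/32"}],
        "UserIdGroupPairs": [],
    })
    return fixed


def authorize_cli_command(group_id, eip, port, protocol="tcp"):
    """The equivalent AWS CLI call for step 3 (documented ec2 flags)."""
    return (f"aws ec2 authorize-security-group-ingress --group-id {group_id} "
            f"--protocol {protocol} --port {port} --cidr {eip}/32")


if __name__ == "__main__":
    sg = DESCRIBE_SG_OUTPUT["SecurityGroups"][0]
    for ip in (INSTANCE_PRIVATE_IP, INSTANCE_ELASTIC_IP):
        print(ip, "->", sg_allows(sg, ip, "tcp", 443))
    fixed = with_eip_ingress(sg, INSTANCE_ELASTIC_IP, 443)
    print(INSTANCE_ELASTIC_IP, "after fix ->",
          sg_allows(fixed, INSTANCE_ELASTIC_IP, "tcp", 443))
    print(authorize_cli_command(sg["GroupId"], INSTANCE_ELASTIC_IP, 443))
```

The `/32` rule is what the answer adds, and the Elastic IP matters because an auto-assigned public IPv4 address is released when the instance stops, which would leave a stale CIDR in the group; an Elastic IP stays with the account until you release it. Keep the rule as narrow as the port(s) the ELB listens on rather than opening all traffic from that address.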