Tags: amazon-web-services, amazon-ec2, aws-security-group

AWS EC2 Security group access itself via HTTP


The default AWS security group references itself in the Source field implying that the instance can communicate with itself:

[screenshot: the default security group's inbound rule, with the group's own ID in the Source field]

However, when logged in to the instance over SSH and trying to curl it by the DNS name that resolves to the instance's public IP, I get a curl timeout error.

The only solution I've come up with is to add the public IP of the instance into the security group instead of the security group ID, but it's not flexible - I don't want such narrowly targeted security groups.

Why doesn't the default security group, assigned to an instance, allow all traffic from the instance itself?


Solution

  • Using a security group ID as a source only works when the traffic is addressed to the private IP. By trying to hit the public IP, the traffic is being routed outside the VPC and back into the VPC, at which point the source security group information has been lost.
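The behaviour described in the answer, as an added model written for this page (it is not AWS code and not the answer's own): a small evaluator that decides whether an inbound rule matches depending on whether the destination address keeps the traffic inside the VPC. Rule dicts follow the IpPermissions shape returned by `aws ec2 describe-security-groups`; the VPC CIDR, group ID and instance addresses are constructed sample values. It also shows why the asker's /32 workaround matches the public address but nothing else.

```python
"""
Added illustration, not AWS's code and not from the answer: how an
inbound security-group rule whose source is a group ID behaves for
traffic to an instance's private vs. public address.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # constructed sample VPC
SG_ID = "sg-0123456789abcdef0"                  # constructed sample group

# Constructed instance: member of the default group, with a private
# address inside the VPC and a public address outside it.
INSTANCE = {
    "sg_ids": {SG_ID},
    "private_ip": "10.0.1.10",
    "public_ip": "203.0.113.10",
}

# The default group's self-referencing inbound rule: all traffic from
# any member of the same group (IpPermissions shape, constructed).
SELF_REF_RULE = {
    "IpProtocol": "-1",
    "IpRanges": [],
    "UserIdGroupPairs": [{"GroupId": SG_ID}],
}

# The asker's workaround: HTTP from the instance's own public IP (/32).
PUBLIC_IP_RULE = {
    "IpProtocol": "tcp",
    "FromPort": 80,
    "ToPort": 80,
    "IpRanges": [{"CidrIp": INSTANCE["public_ip"] + "/32"}],
    "UserIdGroupPairs": [],
}


def _port_matches(rule, proto, port):
    # "-1" means all protocols and all ports.
    if rule["IpProtocol"] == "-1":
        return True
    return (rule["IpProtocol"] == proto
            and rule["FromPort"] <= port <= rule["ToPort"])


def classify_path(dst_ip):
    """'vpc' if the destination keeps traffic inside the VPC, otherwise
    'internet' (the traffic leaves via the gateway and comes back)."""
    return "vpc" if ipaddress.ip_address(dst_ip) in VPC_CIDR else "internet"


def inbound_allowed(rules, src, dst_ip, port, proto="tcp"):
    """Decide whether traffic from instance `src` to dst_ip:port is
    permitted by the receiving instance's inbound `rules`."""
    if classify_path(dst_ip) == "vpc":
        # Traffic never left the VPC: the sender's group membership is
        # known and its source address is the private one.
        seen_ip, seen_sgs = src["private_ip"], src["sg_ids"]
    else:
        # Traffic went out and came back: it is seen from the public
        # address, and the source group identity has been lost.
        seen_ip, seen_sgs = src["public_ip"], set()
    seen_ip = ipaddress.ip_address(seen_ip)

    for rule in rules:
        if not _port_matches(rule, proto, port):
            continue
        # Group-ID sources only match while the group identity is known.
        if any(p["GroupId"] in seen_sgs for p in rule.get("UserIdGroupPairs", [])):
            return True
        # CIDR sources match on the address actually seen.
        if any(seen_ip in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", [])):
            return True
    return False


if __name__ == "__main__":
    for dst in (INSTANCE["private_ip"], INSTANCE["public_ip"]):
        print(dst, classify_path(dst),
              inbound_allowed([SELF_REF_RULE], INSTANCE, dst, 80))
```

Running it shows the self-referencing rule admitting HTTP to 10.0.1.10 and refusing it to 203.0.113.10; adding the /32 rule admits port 80 on the public address only, which is why addressing the instance by its private IP is the flexible fix rather than pinning a public address into the group.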