I would like to create a simple rule in an AWS security group which would, by default, enable access to a specific port ONLY for the instances running in a specific AWS region (for example: us-east-1). I know that security groups are tied to a specific AWS region, and with that assumption I thought there would be some straightforward way to create a rule in a security group for a specific port which would disable access for requests coming from instances in other AWS regions.
While googling around, I found a list of IP ranges for specific regions on AWS: https://ip-ranges.amazonaws.com/ip-ranges.json, but the list is not small, so adding the list of all IP ranges for a specific region would be my last resort.
Thanks in advance.
The list that you are referencing, ip-ranges.json, only lists AWS resources and not other IP addresses that may exist in other regions.
Security groups are not tied to an AWS region. Security groups are a software-defined network (SDN) firewall attached to a network interface. Security groups have no inherent knowledge of AWS regions.
Short of using geolocation, there is no reliable method to know where traffic originates when it arrives at the AZ of your instance. An AWS region does not use only a specified IP address range. An AWS region can change the addressing ranges (adding, deleting, etc.) at any time. AWS supports Bring Your Own IP, which further makes this impossible.
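For anyone who still needs to go the "last resort" route from the question, the following is an added example (not code from either poster) showing how to cut ip-ranges.json down to one region's EC2 prefixes, merge adjacent ranges so fewer rules are needed, shape them into the IpPermissions structure that the EC2 AuthorizeSecurityGroupIngress API takes, and use the file's syncToken to detect when AWS has republished the ranges, which is the point the answer makes about ranges changing at any time. The sample document is constructed inline from documentation addresses and mirrors the real file's layout (syncToken, createDate, prefixes, ipv6_prefixes); the batch size of 60 reflects the default per-group inbound rule quota and is a parameter you should set to your account's actual quota.

```python
"""Filter ip-ranges.json to one region and build security-group ingress rules.

Added example, not from the original thread. SAMPLE_IP_RANGES_JSON is a
constructed stand-in for https://ip-ranges.amazonaws.com/ip-ranges.json using
RFC 5737 / RFC 3849 documentation addresses; the real file is much larger.
"""
import ipaddress
import json
from typing import Dict, List

# Constructed sample with the same structure as the real document. Note that,
# as in the real file, an EC2 range is also listed under the umbrella AMAZON
# service, which is why the filter below selects one service only.
SAMPLE_IP_RANGES_JSON = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/25", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"},
        {"ip_prefix": "203.0.113.0/25", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"},
        {"ip_prefix": "203.0.113.128/25", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "S3", "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"},
    ],
})


def load_ip_ranges(text: str) -> dict:
    """Parse the document and reject anything that does not look like ip-ranges.json."""
    doc = json.loads(text)
    for key in ("syncToken", "prefixes", "ipv6_prefixes"):
        if key not in doc:
            raise ValueError(f"not an ip-ranges document: missing {key!r}")
    return doc


def region_prefixes(doc: dict, region: str, service: str = "EC2", ipv6: bool = False) -> List[str]:
    """Return the CIDRs published for `region` and `service`, merged where adjacent.

    Two /25s that form a /24 collapse into one CIDR, so the rule count drops.
    """
    key, field = ("ipv6_prefixes", "ipv6_prefix") if ipv6 else ("prefixes", "ip_prefix")
    nets = {ipaddress.ip_network(e[field]) for e in doc[key]
            if e["region"] == region and e["service"] == service}
    return [str(n) for n in ipaddress.collapse_addresses(sorted(nets))]


def ingress_permission(cidrs: List[str], port: int, proto: str = "tcp", description: str = "") -> Dict:
    """Build one IpPermissions entry in the shape AuthorizeSecurityGroupIngress expects.

    This only produces the data structure; it makes no API call.
    """
    v4 = [c for c in cidrs if ipaddress.ip_network(c).version == 4]
    v6 = [c for c in cidrs if ipaddress.ip_network(c).version == 6]
    return {
        "IpProtocol": proto,
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": description} for c in v4],
        "Ipv6Ranges": [{"CidrIpv6": c, "Description": description} for c in v6],
    }


def chunked(items: List[str], size: int = 60) -> List[List[str]]:
    """Split CIDRs into batches; each CIDR counts as one rule against the
    per-group inbound rule quota (60 by default; set `size` to your account's quota)."""
    if size < 1:
        raise ValueError("size must be positive")
    return [items[i:i + size] for i in range(0, len(items), size)]


def source_in_region(doc: dict, addr: str, region: str, service: str = "EC2") -> bool:
    """Check whether a source address (e.g. from a VPC flow log) lies in the
    region's published ranges. Anything else in the file, BYOIP space and
    non-AWS addresses are all reported as False."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c)
               for c in region_prefixes(doc, region, service, ipv6=(ip.version == 6)))


def ranges_changed(old_doc: dict, new_doc: dict) -> bool:
    """syncToken changes whenever AWS republishes the file; use it to decide
    when the generated rules must be rebuilt."""
    return old_doc["syncToken"] != new_doc["syncToken"]


if __name__ == "__main__":
    doc = load_ip_ranges(SAMPLE_IP_RANGES_JSON)
    cidrs = region_prefixes(doc, "us-east-1") + region_prefixes(doc, "us-east-1", ipv6=True)
    for batch in chunked(cidrs):
        print(json.dumps(ingress_permission(batch, 8443, description="us-east-1 EC2"), indent=2))
```

Run against the real file, the number of batches tells you how many security groups you would have to attach to the interface to hold every rule, and `ranges_changed` run on a schedule tells you when that set is stale.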