I want to set up a security group to only allow ELB IP to ec2. How do I add the ELB's IP to the EC2's security group?
Your ELB has his own security group, so you need to go inside EC2 instance security group and add an inbound rule where the source will be Custom and enter your ELB security group id.
To check which Security Group is used (security group id) by your ELB, go into Load Balancers inside EC2 Dashboard and after you choose your LB, you can find SG inside tab Description under Security.