Tags: amazon-web-services, amazon-ec2, kubernetes, aws-security-group

aws security groups: allow ec2 instance to access its own ports


I want all members of security group sg-a to be able to access several ports, e.g. 6443 (kubernetes api server), on all instances in sg-a: including themselves.

I create a rule in sg-a that says

  • Type: Custom TCP
  • Protocol: TCP
  • Port Range: 6443
  • Source: sg-a

However, instanceA cannot access port 6443 on itself.

When I update "Source" to Source: instanceA.public.ip.address, then instanceA can access port 6443 on itself.

However, I now have instance-specific rules in my security group. If possible, I would like to find a solution where I do not have to add new rules when I add a new instance to my security group.


Solution

  • For the security group to operate as you describe, the instances will need to connect to each other via a Private IP address.

    The fact that it works if you allow the Public IP address indicates that the connection is being made by the public IP address.
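The following is an added example, not code from the question or the answer above, that models why the self-referencing rule behaves as described. It is a small simulation of security-group evaluation: a rule whose source is a security group matches only the private IP addresses of that group's members, while a connection to an instance's own public address hairpins through the Internet Gateway and arrives with the public address as its source. The topology (instance names, sg-a, the 10.0.1.0/24 and 203.0.113.0/24 addresses) is constructed for the example and the evaluator is a simplification of what AWS does, not AWS code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample topology (not real AWS data): two instances in sg-a.
# Each has a private address on its ENI and a public address that exists
# only as a NAT mapping on the Internet Gateway.
INSTANCES = {
    "instanceA": {"sg": "sg-a", "private": "10.0.1.10", "public": "203.0.113.10"},
    "instanceB": {"sg": "sg-a", "private": "10.0.1.11", "public": "203.0.113.11"},
}


@dataclass
class Rule:
    """One inbound security-group rule."""
    proto: str
    from_port: int
    to_port: int
    source: str  # a CIDR such as "203.0.113.10/32" or a group id such as "sg-a"


def members_private_ips(sg_id):
    """Private addresses of every ENI associated with the given group."""
    return {ip_address(i["private"]) for i in INSTANCES.values() if i["sg"] == sg_id}


def rule_matches(rule, proto, src_ip, dst_port):
    if rule.proto != proto or not (rule.from_port <= dst_port <= rule.to_port):
        return False
    src = ip_address(src_ip)
    if rule.source.startswith("sg-"):
        # A security-group source is expanded to the PRIVATE addresses of the
        # group's members. The public address is applied by the IGW after the
        # packet has left the ENI, so it is never in this set.
        return src in members_private_ips(rule.source)
    return src in ip_network(rule.source, strict=False)


def is_allowed(rules, proto, src_ip, dst_port):
    """Security groups are allow-lists: any matching inbound rule permits the flow."""
    return any(rule_matches(r, proto, src_ip, dst_port) for r in rules)


def self_reach(instance, rules, dst_port=6443, via="private"):
    """Can `instance` reach `dst_port` on itself when it dials the address kind `via`?

    Dialing its own public address hairpins through the IGW (assumption modelled
    here), so the source the security group sees is the public address rather
    than the ENI's private one.
    """
    src = INSTANCES[instance][via]
    return is_allowed(rules, "tcp", src, dst_port)


# The rule from the question: TCP 6443 from sg-a, attached to sg-a.
SG_A_RULES = [Rule("tcp", 6443, 6443, "sg-a")]

# The workaround from the question: an instance-specific /32 for the public IP.
SG_A_WITH_PUBLIC_IP = SG_A_RULES + [Rule("tcp", 6443, 6443, "203.0.113.10/32")]


if __name__ == "__main__":
    print("A -> A via private:", self_reach("instanceA", SG_A_RULES, via="private"))
    print("A -> A via public: ", self_reach("instanceA", SG_A_RULES, via="public"))
    print("A -> A via public, with /32 rule:",
          self_reach("instanceA", SG_A_WITH_PUBLIC_IP, via="public"))
    print("B -> B via public, with A's /32 rule:",
          self_reach("instanceB", SG_A_WITH_PUBLIC_IP, via="public"))
```

Running it shows the group-sourced rule admitting the private address and rejecting the public one, and the /32 workaround admitting only the single instance it names. The practical fix is therefore on the client side: have the Kubernetes API server advertise, and have nodes dial, the private address (for example kubeadm's `--apiserver-advertise-address` set to the ENI's private IPv4, or the private DNS name), and keep the group-sourced rule, which can be created with `aws ec2 authorize-security-group-ingress --group-id <sg-a id> --protocol tcp --port 6443 --source-group <sg-a id>`; no per-instance rules are then needed as members come and go.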