Tags: amazon-web-services, firewall, aws-security-group

Outbound rule whose destination is itself?


I found the following outbound rule, whose destination is the security group itself, in a security group:

sg-012345 - rule x

Outbound rules
Type         Protocol Port range  Destination
..... other rules
All traffic  All      All         sg-012345 (rule x)
..... other rules

What's the purpose of this rule?


Solution

  • That's called a self-referencing rule.

    By creating a self-referencing rule, you can restrict the source to the same security group, so it's not open to all networks. The default security group for your VPC might already have a self-referencing inbound rule for ALL Traffic.

    Inbound Self Referencing:

    It means that a resource (e.g. EC2) that has this security group (sg-012345) can accept traffic from any other resource (e.g. EC2) that has this security group as well.

    Rules to connect to instances from an instance with the same security group

    Outbound Self Referencing:

    It means that a resource (e.g. EC2) that has this security group (sg-012345) can send traffic to any other resource (e.g. EC2) that has this security group as well.

    For example, you might want to allow access to the internet for software updates, but restrict all other kinds of traffic. You must first remove the default outbound rule that allows all outbound traffic.

    There is one more important thing, called connection tracking:

    Security groups are stateful—if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. For VPC security groups, this also means that responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules. For more information, see Connection tracking.

    For example, in Setting Up a VPC to Connect to JDBC Data Stores you can see how both rules help.
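As an added example (not part of the answer above), here is a small audit script that walks the structure returned by `aws ec2 describe-security-groups` (or boto3's `describe_security_groups()["SecurityGroups"]`) and reports, per group and direction, which rules are self-references like the one in the question and which are open to the world. The `SAMPLE_GROUPS` data is constructed to mirror the question (sg-012345 referencing itself, plus a second group that only trusts sg-012345) and is not real AWS output; in practice you would replace it with the live API response. The field names (`IpPermissions`, `IpPermissionsEgress`, `UserIdGroupPairs`, `IpRanges`, `IpProtocol` of `-1` for all traffic) are the real ones from the EC2 API.

```python
"""Audit EC2 security-group rules for self-references and wide-open CIDRs.

Operates on the JSON shape of `aws ec2 describe-security-groups`:
a list of groups, each with IpPermissions (inbound) and
IpPermissionsEgress (outbound). Runs offline on the constructed sample.
"""
from dataclasses import dataclass

# Constructed sample, not real AWS output. sg-012345 mirrors the question:
# an inbound and an outbound self-reference for all traffic, a 443 listener
# open to the world, and the default wide-open egress rule. sg-0abcde is a
# database group that accepts 5432 only from members of sg-012345.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-012345",
        "GroupName": "app-tier",
        "IpPermissions": [
            {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-012345"}],
             "IpRanges": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-012345"}],
             "IpRanges": []},
            {"IpProtocol": "-1", "UserIdGroupPairs": [],
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
    {
        "GroupId": "sg-0abcde",
        "GroupName": "db-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "UserIdGroupPairs": [{"GroupId": "sg-012345"}], "IpRanges": []},
        ],
        "IpPermissionsEgress": [],
    },
]

DIRECTIONS = (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress"))


@dataclass(frozen=True)
class Finding:
    group_id: str
    direction: str   # "inbound" or "outbound"
    kind: str        # "self-reference" or "open-to-world"
    protocol: str    # "all", "tcp", "udp", ...
    ports: str       # "all", "443", "1024-65535"


def _protocol(perm):
    proto = perm.get("IpProtocol", "-1")
    return "all" if proto == "-1" else proto


def _ports(perm):
    # IpProtocol -1 (all traffic) carries no port fields at all.
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return "all"
    return str(lo) if lo == hi else f"{lo}-{hi}"


def audit(groups):
    """Return one Finding per self-referencing or world-open rule."""
    findings = []
    for group in groups:
        gid = group["GroupId"]
        for direction, key in DIRECTIONS:
            for perm in group.get(key, []):
                proto, ports = _protocol(perm), _ports(perm)
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair.get("GroupId") == gid:
                        findings.append(Finding(gid, direction, "self-reference", proto, ports))
                for rng in perm.get("IpRanges", []):
                    if rng.get("CidrIp") == "0.0.0.0/0":
                        findings.append(Finding(gid, direction, "open-to-world", proto, ports))
                for rng in perm.get("Ipv6Ranges", []):
                    if rng.get("CidrIpv6") == "::/0":
                        findings.append(Finding(gid, direction, "open-to-world", proto, ports))
    return findings


def referenced_by(groups, target_gid):
    """Other groups whose rules name target_gid as source/destination.

    Self-references are excluded; this answers "who trusts membership
    in this group?" Returns sorted (group_id, direction, protocol, ports).
    """
    refs = set()
    for group in groups:
        gid = group["GroupId"]
        if gid == target_gid:
            continue
        for direction, key in DIRECTIONS:
            for perm in group.get(key, []):
                if any(p.get("GroupId") == target_gid for p in perm.get("UserIdGroupPairs", [])):
                    refs.add((gid, direction, _protocol(perm), _ports(perm)))
    return sorted(refs)


if __name__ == "__main__":
    for f in audit(SAMPLE_GROUPS):
        print(f"{f.group_id:10} {f.direction:8} {f.kind:15} {f.protocol}/{f.ports}")
    print("sg-012345 is referenced by:", referenced_by(SAMPLE_GROUPS, "sg-012345"))
```

Run against live data by replacing `SAMPLE_GROUPS` with `boto3.client("ec2").describe_security_groups()["SecurityGroups"]`. A self-reference finding is usually benign (it is exactly the intra-group traffic the answer describes), whereas an `open-to-world` finding on the same group is the one worth a second look; because security groups are stateful, the outbound self-reference is only needed for connections the instance initiates, not for replies to allowed inbound traffic.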