So I have an AWS instance and it's a member of a security group. I have a Route53 domain name set up pointing to an ELB above the instance; both the ELB and the instance are in the same security group.
When I add the security group to itself I am unable to curl https://my_url/; however, when I remove the security group as the source on the ingress rule and replace it with the public IP address of the instance, I am then able to curl the public domain name. Am I wrong in thinking that adding the security group into its own ingress rules should allow access to the box on its public IP address?
Am I best to place the ELB into a separate security group and add a rule to allow one SG to route to the other SG?
The reason I need to connect to the box on its own public IP is that I am using a security appliance running in another Docker instance on the same app server that will only bind to one URL, and I either have to come in from the public URL or start to run a separate BIND server that will return the private IP of my app instance, and this feels worse than using the public IP address.
Thanks for any help.