 

Can't communicate between two EC2 instances in the same security group via public IP address?

I can't connect to another EC2 instance in the same security group using the public IP.

If I try to connect using the public DNS name and the private IP, it works fine.

What I have done so far:

  • created two public EC2 instances
  • attached both instances to security group sg-12345
  • added inbound rules
    • all traffic, source=sg-12345
    • SSH, port=22, source=my IP (this is to log in to my EC2 instance from my desktop)
hkonala asked Jan 03 '23 20:01



1 Answer

When you use the public IP, the traffic exits your VPC and comes back in, at which point it is no longer identified as coming from that security group. It looks just like random Internet traffic at that point. Stick to using the private IP for both security and speed.

From the docs:

When you specify a security group as the source for a rule, traffic is allowed from the network interfaces that are associated with the source security group for the specified protocol and port. Incoming traffic is allowed based on the private IP addresses of the network interfaces that are associated with the source security group (and not the public IP or Elastic IP addresses).

Mark B answered Jan 13 '23 11:01

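To make the quoted rule concrete, here is a small model of how a security group evaluates inbound traffic, written as an added example for this page (it is not code from the answer, the question, or AWS). It assumes a constructed VPC with two instances in sg-12345 whose private and public addresses are hypothetical (10.0.1.10/11 and 203.0.113.10/11), the two inbound rules from the question, and a "my IP" of 198.51.100.7. A rule whose source is a security group is resolved to the private IPs of the network interfaces in that group, so the same peer is allowed when it arrives from its private IP and denied when it arrives from its public IP.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str   # "-1" means all traffic, otherwise "tcp", "udp", ...
    from_port: int
    to_port: int
    source: str     # a CIDR block, or a security group id such as "sg-12345"


# Constructed VPC state (hypothetical addresses, chosen for this example only).
# A security-group source resolves to the PRIVATE IPs of the ENIs in that group;
# the instances' public IPs are deliberately absent from this mapping.
SG_MEMBER_PRIVATE_IPS = {
    "sg-12345": {"10.0.1.10", "10.0.1.11"},
}

# The inbound rules described in the question, in the order they were added.
INBOUND_RULES = [
    Rule("-1", 0, 65535, "sg-12345"),          # all traffic from sg-12345
    Rule("tcp", 22, 22, "198.51.100.7/32"),    # SSH from "my IP" (hypothetical)
]


def rule_matches(rule: Rule, src_ip: str, protocol: str, port: int) -> bool:
    """Return True if one inbound rule permits this (source, protocol, port)."""
    if rule.protocol != "-1":
        if rule.protocol != protocol:
            return False
        if not rule.from_port <= port <= rule.to_port:
            return False
    if rule.source.startswith("sg-"):
        # Group-sourced rule: match only against member ENIs' private IPs.
        return src_ip in SG_MEMBER_PRIVATE_IPS.get(rule.source, set())
    # CIDR-sourced rule: ordinary address match.
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def is_allowed(src_ip: str, protocol: str, port: int) -> bool:
    """Security groups are allow-lists: any matching inbound rule permits the flow."""
    return any(rule_matches(r, src_ip, protocol, port) for r in INBOUND_RULES)


if __name__ == "__main__":
    # Peer instance reaching this one over its private IP: allowed by the sg rule.
    print("peer via private IP :", is_allowed("10.0.1.11", "tcp", 8080))
    # Same peer, but the packet hairpins out through the IGW and arrives from its
    # public IP, which is not a member private IP: no rule matches.
    print("peer via public IP  :", is_allowed("203.0.113.11", "tcp", 8080))
    # Desktop SSH on 22 is allowed by the /32 rule; other ports from it are not.
    print("desktop ssh         :", is_allowed("198.51.100.7", "tcp", 22))
    print("desktop port 8080   :", is_allowed("198.51.100.7", "tcp", 8080))
```

The consequence for the question is the one the answer gives: inside the VPC, address the peer by its private IP (or by its public DNS name, which resolves to the private IP from within the VPC, as the question itself observes). If you really had to accept traffic arriving from the peer's public address, the only thing the group-sourced rule can never do is match it; you would need a separate CIDR rule for that public or Elastic IP, which widens the surface and breaks whenever a non-Elastic public IP changes on stop/start.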