Tuesday, August 15, 2017

Enabling ICMP traffic between two EC2 instances under the same custom Security Group



So, can two EC2 instances within the same security group probe each other with ICMP?

By default, no! A custom security group has no inbound rule that allows ICMP.

To let these two EC2 instances ping each other, you have to add an inbound ICMP rule to the security group whose source is the same security group itself! See the self-referencing entry in the attached image.

Creating such a security group is useful for allowing and controlling ICMP traffic between all EC2 instances within the VPC: ensure that each EC2 instance has this group attached in addition to the other security groups it requires.
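The self-referencing rule described above, as an added example that is not part of the original post: it builds the inbound ICMP entry whose source is the group itself, checks a group description for it, and adds it only when missing. It assumes a boto3 EC2 client is passed in as `ec2`; the group IDs and the sample descriptions are constructed for illustration.

```python
ECHO_REQUEST = 8  # ICMP type sent by ping; the reply is allowed back statefully

def self_ref_icmp_permission(group_id):
    """Inbound entry: all ICMP types and codes, source = the group itself."""
    return {
        "IpProtocol": "icmp",
        "FromPort": -1,  # for ICMP this field is the type; -1 means all types
        "ToPort": -1,    # for ICMP this field is the code; -1 means all codes
        "UserIdGroupPairs": [{"GroupId": group_id}],
    }

def allows_intra_group_ping(sg):
    """True if a self-referencing inbound rule admits ICMP echo requests.
    Only group-sourced rules are considered; CIDR-sourced rules are ignored."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("icmp", "-1"):  # "-1" is the all-protocols rule
            continue
        if proto == "icmp" and (perm.get("FromPort") not in (-1, ECHO_REQUEST)
                                or perm.get("ToPort") not in (-1, 0)):
            continue  # some other ICMP type or code, ping stays blocked
        pairs = perm.get("UserIdGroupPairs", [])
        if any(p.get("GroupId") == sg["GroupId"] for p in pairs):
            return True
    return False

def ensure_intra_group_icmp(ec2, group_id):
    """Add the rule if absent. Returns True when a rule was added."""
    sg = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    if allows_intra_group_ping(sg):
        return False
    ec2.authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=[self_ref_icmp_permission(group_id)])
    return True

# Constructed sample descriptions in the shape describe_security_groups returns.
SG_ID, OTHER_SG = "sg-0123456789abcdef0", "sg-0fedcba9876543210"
BARE = {"GroupId": SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    # ICMP from a different group: not self-referencing, members still cannot ping
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "UserIdGroupPairs": [{"GroupId": OTHER_SG}]},
]}
FIXED = {"GroupId": SG_ID,
         "IpPermissions": BARE["IpPermissions"] + [self_ref_icmp_permission(SG_ID)]}
```

Attaching the group to an instance is a separate step; the rule only affects instances that carry this security group.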
