I have 2 VPCs (default and special), each hosting 1 EC2 instance. Both instances have the same security group (say name = internal). The security group allows All Traffic from internal (a circular reference for inbound traffic).
Also, I have VPC peering enabled; however, I am unable to change the following settings:
- Allow outbound communication from ClassicLink instances to accepter VPC
- Allow outbound communication to ClassicLink instances in accepter VPC
- Allow outbound communication from ClassicLink instances to requester VPC
- Allow outbound communication to ClassicLink instances in requester VPC
These are all disabled.
I am unable to ping from one instance to the other (in both directions). I can ping both instances from my laptop.
If I explicitly allow all inbound traffic from [Instance A's IP], then I can ping Instance B from Instance A.
In short, this fails:
but this works (in one direction, assuming Instance A has a public IP 1.2.3.4):
How can I enable my instances to communicate adding each IP address explicitly to the security group?
The issue was that we were using the public IP (or rather, the name resolved to the public IP). The private IP worked fine.
In our case, this meant changing some Route53 records to use internal CNAME instead of public A records.
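The behaviour the answer describes, as an added model that is not code from the original post: a rule whose source is a security group matches only traffic that AWS can attribute to a network interface in that group, which holds for private addresses (inside the VPC or across VPC peering) but not for traffic sent to a public IP, which leaves through the internet gateway and comes back with the sender's public address and no group identity. The group id sg-internal and all addresses below are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, FrozenSet

@dataclass
class Instance:
    name: str
    private_ip: str
    public_ip: Optional[str]
    groups: FrozenSet[str]  # security group ids attached to the instance's ENI

@dataclass
class Rule:
    source: str  # either a CIDR (e.g. "1.2.3.4/32") or a security group id

def reachable(src: Instance, dst: Instance, dst_addr: str, inbound: List[Rule]) -> bool:
    """Evaluate dst's inbound rules for a packet from src addressed to dst_addr.

    Private destination: the packet stays on the VPC fabric (or crosses VPC
    peering, which only routes private ranges), so the sending ENI is known and
    a rule referencing src's security group can match.
    Public destination: the packet is hairpinned through the internet gateway;
    the source seen is src's public IP with no group membership, so only a
    CIDR rule covering that public IP can match.
    """
    if dst_addr == dst.private_ip:
        seen_ip, seen_groups = src.private_ip, src.groups
    elif dst_addr == dst.public_ip:
        if src.public_ip is None:
            return False  # nothing to source-NAT to on the IGW path
        seen_ip, seen_groups = src.public_ip, frozenset()
    else:
        return False  # not an address of dst at all
    for rule in inbound:
        if rule.source in seen_groups:
            return True
        try:
            net = ipaddress.ip_network(rule.source, strict=False)
        except ValueError:
            continue  # a group id, not a CIDR; already handled above
        if ipaddress.ip_address(seen_ip) in net:
            return True
    return False

# Constructed scenario: both instances in the self-referencing group sg-internal.
A = Instance("A", "10.0.1.10", "1.2.3.4", frozenset({"sg-internal"}))
B = Instance("B", "10.1.1.20", "5.6.7.8", frozenset({"sg-internal"}))
SELF_REF = [Rule("sg-internal")]                     # the circular rule alone
EXPLICIT = [Rule("sg-internal"), Rule("1.2.3.4/32")]  # plus A's public IP
```

With SELF_REF, A reaches B on B's private IP but not on B's public IP; adding the 1.2.3.4/32 rule opens the public path from A to B only, matching the one-directional result in the question.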