
@tsabat
Created November 3, 2012 21:46

When I run

ec2-describe-group database

I get

PERMISSION      890752071609    database        ALLOWS  tcp     3306    3306    FROM    USER    890752071609    NAME default    ID sg-5ce3766c  ingress
PERMISSION      890752071609    database        ALLOWS  tcp     3306    3306    FROM    USER    890752071609    NAME app-server ID sg-b81b8088  ingress
PERMISSION      890752071609    database        ALLOWS  tcp     6379    6379    FROM    USER    890752071609    NAME default    ID sg-5ce3766c  ingress
PERMISSION      890752071609    database        ALLOWS  tcp     6379    6379    FROM    USER    890752071609    NAME app-server ID sg-b81b8088  ingress
PERMISSION      890752071609    database        ALLOWS  tcp     0       65535   FROM    USER    890752071609    NAME database   ID sg-d262f1e2  ingress
PERMISSION      890752071609    database        ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0       ingress

However, when I try to connect to port 6379 using redis-cli from a machine in the default app-server groups, I get a redis timeout error.

If I explicitly add the elastic IP of the server I want to connect from, the redis-cli call works. However, I want to be more flexible, and add the entire security group instead.

The Amazon docs state:

By specifying a security group as the source, you allow incoming traffic from all instances that belong to the source security group. The incoming traffic that you allow is based on the private IP addresses of the instances in the source security group. You might specify another security group in your account if you're creating a three-tier web service (see Creating a Three-Tier Web Service).
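The following is an added example, not part of the original gist: it parses the `PERMISSION` lines shown above and evaluates them the way the quoted documentation describes, where a rule whose source is a security group matches only on the sender's private IP address. The function names, the `src_is_private_ip` flag and the two sample addresses are assumptions made for illustration, and the model covers TCP ingress only.

```python
import ipaddress

# The PERMISSION lines from the output above, whitespace-normalised.
SAMPLE = """\
PERMISSION 890752071609 database ALLOWS tcp 3306 3306 FROM USER 890752071609 NAME default ID sg-5ce3766c ingress
PERMISSION 890752071609 database ALLOWS tcp 3306 3306 FROM USER 890752071609 NAME app-server ID sg-b81b8088 ingress
PERMISSION 890752071609 database ALLOWS tcp 6379 6379 FROM USER 890752071609 NAME default ID sg-5ce3766c ingress
PERMISSION 890752071609 database ALLOWS tcp 6379 6379 FROM USER 890752071609 NAME app-server ID sg-b81b8088 ingress
PERMISSION 890752071609 database ALLOWS tcp 0 65535 FROM USER 890752071609 NAME database ID sg-d262f1e2 ingress
PERMISSION 890752071609 database ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0 ingress
"""

def parse_permissions(text):
    """Turn ec2-describe-group PERMISSION lines into rule dicts."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or f[0] != "PERMISSION" or f[3] != "ALLOWS":
            continue
        rule = {"proto": f[4], "lo": int(f[5]), "hi": int(f[6])}
        if f[8] == "USER":        # source is another security group
            rule["group"] = f[f.index("NAME", 9) + 1]
        elif f[8] == "CIDR":      # source is an address range
            rule["cidr"] = ipaddress.ip_network(f[9])
        else:
            continue
        rules.append(rule)
    return rules

def allowed(rules, port, src_ip, src_groups, src_is_private_ip):
    """Return the first rule admitting a TCP packet, or None.

    src_ip is the source address the receiving instance sees. Group rules
    are considered only when that address is the sender's private IP
    (the assumption this example models, taken from the quoted docs).
    """
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["proto"] != "tcp" or not r["lo"] <= port <= r["hi"]:
            continue
        if "cidr" in r and ip in r["cidr"]:
            return r
        if "group" in r and src_is_private_ip and r["group"] in src_groups:
            return r
    return None

def world_open(rules):
    """Port ranges reachable from any address (worth reviewing)."""
    return [(r["lo"], r["hi"]) for r in rules if "cidr" in r and r["cidr"].prefixlen == 0]
```

With these rules, a sender in `app-server` is admitted on 6379 when its packets carry its private address (constructed here as `10.0.0.12`) and is not admitted when they carry a public one (constructed here as `203.0.113.10`), while port 22 is open to every source.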
