适用于入站流量的AWS安全组

Question

I have two AWS Linux AMI servers. One with a Node.JS HTTPS server and the second running my Mongo DB.

The only way to connect to my Mongo DB server is through my Node.JS server.

In my in the AWS security group for the Mongo DB server I was able to put the name of the the AWS security group for the Node.JS server in the 'Source' column in the 'Inbound' tab and it allowed connectivity, but I'm wondering what setting the security group actually does?

More specifically, what IP addresses is this allowing?

If you click the 'i' next to Source it states:

Answer 1

I initially resorted to using the "private IP address" for communication between AWS instances because according to AWS documentation ,

A private IP address is an IP address that's not reachable over the Internet. You can use private IP addresses for communication between instances in the same network (EC2-Classic or a VPC).

But after some discussion (see comments below) it seems the better solution may be to utilize AWS Security Groups. My initially hesitation in using AWS security groups was unfounded.

My fear was that if I added the same security group assigned to my Node.js server to the 'Source' for the inbound traffic tab of my MongoDB server, then my MongoDB server would inherit the same inbound traffic rules (all traffic).

The aforementioned fear is unfounded because setting the inbound source to a security group does NOT inherit the rules, but rather simply allows inbound traffic from any instance that has been assigned to that security group.