By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What is the purpose of a self-referencing security group?

0

I'm working with some Terraform code which uses self = true in numerous Security Groups. I've asked my co-worker what the purpose of it is and they were not very certain. Only that it was there so the load balancer would work correctly.

I looked over the terraform documentation and it does not explain anything in detail: self - (Optional) If true, the security group itself will be added as a source to this ingress rule. (https://registry.terraform.io/providers/rgeraskin/aws3/latest/docs/resources/security_group)

I have found some other information, in the context of EC2, which mentions this makes it possible for multiple EC2 instances to communicate with each other by applying the same SG to all instances.

What does this do and in what circumstances require it?

Topics
Networking & Content Delivery
Tags
Security GroupTerraform
Language
English
Thomas
asked 2 months ago380 views
1 Answer
2
Accepted Answer

When you create an inbound security group rule you need to specify where the originating traffic is allowed is from. This could be an IP address, subnet, CIDR block, prefix list, or a security group. When you specify self = true, you are saying the originating traffic must come from some resource with that same security group applied. For example, an EC2 instance with that security group assigned would be able to reach another EC2 instance with that same security group.

https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html#security-group-referencing

AWS
Jason
answered 2 months ago
profile picture
EXPERT
Oleksii Bebych
reviewed a month ago
profile pictureAWS
EXPERT
Brettski-AWS
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content