Reputation: 790
In my application, I am using Prisma and Apollo Server with GraphQL.
I have configured two load balancers for two instances.
On instance A, I set up Apollo and GraphQL and attached it to Load Balancer A.
On instance B, I set up Prisma for the database connection and attached it to Load Balancer B.
I created 4 security groups for the instances and load balancers.
Rule 1: Load Balancer A will accept traffic from anywhere. It's working properly.
Rule 2: Instance A will accept traffic only from Load Balancer A. It's working properly.
Rule 3: Instance B will accept traffic from Load Balancer B.
I want to create a security group for Load Balancer B which will accept traffic only from Instance A/Load Balancer A.
If I put in the IP address of Instance A, then it works, but I want to use a security group instead.
I tried with the security group of Instance A, of Load Balancer A, and both, but it's not working. It should work, but I don't understand why it's not working.
Upvotes: 0
Views: 902
Reputation: 790
Finally, I got a solution. I updated the scheme from internet-facing to internal for my application LB. I attached the private IP of Instance A. It's working properly now.
Upvotes: 1
Reputation: 46562
Load Balancer B will never receive traffic from LB A, so that rule is unnecessary. Security groups as sources in security group rules (i.e. saying SG A is allowed to access SG B on some port) work only for private IPs (i.e. communication over the private network within a VPC). If you're using public IPs, you have no choice but to specify the public IP of the instance (or NAT gateway if the instance is private).
Now, if these are in the same VPC, you could just use private network communications between them, and you could simplify your SGs significantly.
Upvotes: 1
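The setup the two answers converge on, written out as a CloudFormation template: an internal Load Balancer B whose security group admits only members of Instance A's security group. This is an added example, not code from either poster; the parameter names, resource names and port 4466 are assumptions, and listeners and target groups are omitted.

```yaml
# Added example. All parameter and resource names are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:                # an ALB needs subnets in at least two AZs
    Type: List<AWS::EC2::Subnet::Id>
  InstanceASecurityGroupId:        # existing SG attached to Instance A
    Type: AWS::EC2::SecurityGroup::Id
  InstanceBSecurityGroupId:        # existing SG attached to Instance B
    Type: AWS::EC2::SecurityGroup::Id
  PrismaPort:                      # assumed port; the thread does not state it
    Type: Number
    Default: 4466
Resources:
  LoadBalancerBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: LB B accepts traffic only from members of the Instance A SG
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref PrismaPort
          ToPort: !Ref PrismaPort
          # SG-as-source matches only traffic arriving from private addresses
          SourceSecurityGroupId: !Ref InstanceASecurityGroupId
  InstanceBIngressFromLoadBalancerB:   # Rule 3 from the question
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref InstanceBSecurityGroupId
      IpProtocol: tcp
      FromPort: !Ref PrismaPort
      ToPort: !Ref PrismaPort
      SourceSecurityGroupId: !GetAtt LoadBalancerBSecurityGroup.GroupId
  LoadBalancerB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      # internal: the LB's DNS name resolves to private IPs, so Instance A
      # reaches it inside the VPC and the SG reference above can match.
      # With internet-facing, the traffic arrives from a public IP instead.
      Scheme: internal
      Subnets: !Ref PrivateSubnetIds
      SecurityGroups:
        - !GetAtt LoadBalancerBSecurityGroup.GroupId
```

Instance A should connect to Load Balancer B by its DNS name, which for an internal load balancer resolves to private addresses in the listed subnets.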