I have a set of services in ECS set up as Tasks hooked into Services that each have their own TargetGroup inside an Application Load Balancer (ALB). The Tasks needs to be able to connect to each other, for which they would need ingress access to the ALB.
The only way i can get this to work is by opening up the ALB Security Group to all incoming traffic. Or by allowing public ip's for each instance in ECS, which is a difficult set up to automate.
Ideally i would be able to allow incoming requests to the ALB from the EC2 Instance Security Group, but since that only works for private IP's it does not resolve.
Looks like you can do this using an "internal" Application Load Balancer since it routes traffic to the private ip's.
Both Classic and Application Load Balancers now support the "internal" scheme.
Thanks for your help @MarkB