From my understanding, in order for ECS instances within the same VPC (intranet) to communicate with each other, we need to put them in the same security group. By default, the firewall policy for inbound is deny all and outbound is allow all. Can someone verify this?
My question is: if there is an incoming external connection to communicate with one ECS only (let's say using port 443), do we need to create a new security group that applies to that particular ECS and create a firewall rule with a priority that is lower than the previous security group's?
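As an added illustration (not part of the original post), here is how the two-group layout described in the question could be written down in Terraform. It assumes the ECS in question is Alibaba Cloud ECS managed through the Terraform `alicloud` provider; the VPC id, group names and instance are placeholders, and the example only shows the group and rule objects, not the platform's default policies.

```hcl
# Added example: one intranet-only security group shared by all instances,
# plus a second group attached only to the single ECS that must accept HTTPS.
# Assumes the Terraform "alicloud" provider; vpc_id is a placeholder variable.

variable "vpc_id" {
  type = string # placeholder: the VPC the instances live in
}

# Group 1: shared by every ECS instance that needs to reach the others.
resource "alicloud_security_group" "intranet" {
  name        = "app-intranet"
  vpc_id      = var.vpc_id
  description = "Internal-only traffic between application instances"
}

# Inbound is allowed only from members of the same group, not from a CIDR range,
# so adding an instance to the group is what grants it access.
resource "alicloud_security_group_rule" "intranet_self" {
  type                     = "ingress"
  ip_protocol              = "all"
  nic_type                 = "intranet"
  policy                   = "accept"
  port_range               = "-1/-1"
  priority                 = 1
  security_group_id        = alicloud_security_group.intranet.id
  source_security_group_id = alicloud_security_group.intranet.id
}

# Group 2: attached only to the one ECS that is reachable from outside.
resource "alicloud_security_group" "public_https" {
  name        = "edge-https"
  vpc_id      = var.vpc_id
  description = "Inbound 443 from the Internet for the edge instance only"
}

# A single inbound rule scoped to TCP/443; nothing else is opened in this group.
resource "alicloud_security_group_rule" "public_443" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet" # VPC-type instances use the intranet NIC type
  policy            = "accept"
  port_range        = "443/443"
  priority          = 1
  security_group_id = alicloud_security_group.public_https.id
  cidr_ip           = "0.0.0.0/0"
}
```

The edge instance would then be attached to both groups (the `security_groups` list on its `alicloud_instance` resource), while every other instance is attached only to `app-intranet`. Keeping the 443 rule in its own group means the public exposure is limited to the instances that carry that group, which is the separation the question is asking about.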