AWS announces the general availability of Security Group Referencing across VPCs connected by AWS Transit Gateway. With this capability, customers can simplify the management of Security Groups and improve the security posture of their TGW-based networks.
Customers configure Security Groups by specifying a list of rules that allow network traffic based on criteria such as IP CIDRs, prefix lists, ports and SG references. Until now, customers could not use SG references to control traffic between VPCs connected via TGW. Security Group Referencing lets customers name another SG as the matching criterion in an inbound security rule, so that instance-to-instance traffic across those VPCs is allowed based on the source instance's security group membership rather than its IP address. With this capability, customers do not need to reconfigure security rules as applications scale up or down or when their IP addresses change. Rules with SG references also scale better: a single rule can cover thousands of instances, so customers are less likely to run into the quotas on rules per security group and per network interface.
Security Group Referencing on TGW is available in all AWS Regions where Transit Gateway is available. You can enable this feature using the AWS Management Console, the AWS Command Line Interface (CLI) and the AWS SDKs. There is no additional charge for using Security Group Referencing on TGW. For more information, see the AWS Transit Gateway product, pricing and documentation pages.
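The following Terraform configuration is an added example, not code from the AWS announcement or from AWS: it enables Security Group Referencing on a Transit Gateway and on the two VPC attachments, then writes the kind of inbound rule described above, which admits traffic from the web tier in VPC A into the API tier in VPC B by referencing the web tier's security group instead of its CIDR range. Resource and attribute names follow the Terraform AWS provider (the `security_group_referencing_support` arguments are assumed to be available in a recent provider release); all VPC and subnet IDs are placeholders, and the assumption that the option must be enabled on both the transit gateway and each VPC attachment reflects the AWS documentation rather than the announcement text.

```hcl
# Added example (not from the AWS announcement). Placeholder IDs throughout.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.60" # assumption: a release exposing security_group_referencing_support
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

# Two existing spoke VPCs; placeholder IDs, replace with your own.
locals {
  vpc_a_id         = "vpc-0aaaaaaaaaaaaaaaa"
  vpc_a_subnet_ids = ["subnet-0aaaaaaaaaaaaaaaa"]
  vpc_b_id         = "vpc-0bbbbbbbbbbbbbbbb"
  vpc_b_subnet_ids = ["subnet-0bbbbbbbbbbbbbbbb"]
}

# Step 1: the hub must have SG referencing enabled.
resource "aws_ec2_transit_gateway" "hub" {
  description                        = "hub with security group referencing"
  security_group_referencing_support = "enable"
}

# Step 2: each VPC attachment that should honour SG references must enable it too.
resource "aws_ec2_transit_gateway_vpc_attachment" "a" {
  transit_gateway_id                 = aws_ec2_transit_gateway.hub.id
  vpc_id                             = local.vpc_a_id
  subnet_ids                         = local.vpc_a_subnet_ids
  security_group_referencing_support = "enable"
}

resource "aws_ec2_transit_gateway_vpc_attachment" "b" {
  transit_gateway_id                 = aws_ec2_transit_gateway.hub.id
  vpc_id                             = local.vpc_b_id
  subnet_ids                         = local.vpc_b_subnet_ids
  security_group_referencing_support = "enable"
}

# Source group (web tier, VPC A) and destination group (API tier, VPC B).
resource "aws_security_group" "web_a" {
  name        = "web-tier"
  description = "web tier instances in VPC A"
  vpc_id      = local.vpc_a_id
}

resource "aws_security_group" "api_b" {
  name        = "api-tier"
  description = "API tier instances in VPC B"
  vpc_id      = local.vpc_b_id
}

# Step 3: the inbound rule. It matches on the source instance's SG membership,
# not on an IP range, so it keeps working as VPC A autoscales or renumbers,
# and one rule covers every instance in web_a regardless of count.
resource "aws_vpc_security_group_ingress_rule" "api_from_web" {
  security_group_id            = aws_security_group.api_b.id
  referenced_security_group_id = aws_security_group.web_a.id # cross-VPC reference via TGW
  ip_protocol                  = "tcp"
  from_port                    = 443
  to_port                      = 443
  description                  = "HTTPS from web tier in VPC A over Transit Gateway"

  # Ensure both attachments exist with referencing enabled before the rule is created.
  depends_on = [
    aws_ec2_transit_gateway_vpc_attachment.a,
    aws_ec2_transit_gateway_vpc_attachment.b,
  ]
}
```

Run `terraform plan` and `terraform apply` in the usual way. The configuration deliberately omits the TGW and VPC route tables: a security group rule only decides what is admitted, and the two VPCs still need routes through the hub for any packet to arrive. References are used on the inbound side, as the announcement describes; the destination group's outbound rules and the source group's outbound rules are evaluated as before. The same setting is exposed to the CLI as the `SecurityGroupReferencingSupport` option of `aws ec2 modify-transit-gateway` and `aws ec2 modify-transit-gateway-vpc-attachment`, which is what the Terraform attributes above map to.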
Source: Amazon AWS