My understanding of AWS Security Groups is that they are essentially a whitelist.
Everything is blocked unless explicitly allowed.
Let's say hypothetically that I have some EC2 instances set up with autoscaling.
In the context of autoscaling, I won't necessarily know what those future IPs will be.
Say I have a set of EC2 instances that are used for databases like MySQL or MongoDB.
I want to only allow my application servers to be able to access my database servers.
Is there a way to create a tag for an EC2 instance and per the security group, allow any EC2 instance with a certain tag?
How is this usually done in the real world?