Making the AWS VPC sec groups modular

I was creating more and more SGs, and at some point I wanted to make them modular to keep them DRY.

At first I tried to create a SG that allowed all traffic from my local static IPs as an inbound rule and allowed all traffic to everywhere as an outbound rule.

I wanted to reference this SG in the inbound rules of other SGs... but after reading the AWS documentation on VPC SGs it was clear that this does not work the way I wanted.

Their exact words: `When you specify a security group as the source for a rule, this allows instances associated with the source security group to access instances in the security group. (Note that this does not add rules from the source security group to this security group.)`

Then I realised that VPC security groups are enforced at the instance level...

So the obvious approach, which I had missed from the beginning, was to break my SG rules into logical modules (small SGs) that I could combine by assigning them to each instance according to its use case.

E.g. this instance should be reachable only from the bastion host and the local IPs, so I assign it the 2 specific SGs, one for each case. :]
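The layout above, written out in Terraform as an added example (not code from the original post); the VPC, subnet, AMI, bastion SG ID and office IPs are constructed placeholders.

```hcl
# Added example (not from the original post); every ID and address is a constructed placeholder.
locals {
  vpc_id           = "vpc-0123456789abcdef0"                 # placeholder
  bastion_sg_id    = "sg-0123456789abcdef0"                  # SG already attached to the bastion
  local_static_ips = ["203.0.113.10/32", "203.0.113.11/32"]  # constructed office IPs
}

# Module 1: inbound only from the fixed local IPs.
resource "aws_security_group" "from_local_ips" {
  name   = "from-local-ips"
  vpc_id = local.vpc_id
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"                  # all traffic, as in the post's first attempt
    cidr_blocks = local.local_static_ips
  }
}

# Module 2: SSH from members of the bastion SG (a source SG means "traffic from its members"; it does not import its rules).
resource "aws_security_group" "from_bastion" {
  name   = "from-bastion"
  vpc_id = local.vpc_id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [local.bastion_sg_id]
  }
}

# Module 3: outbound, written once (Terraform removes AWS's default allow-all egress rule).
resource "aws_security_group" "egress_all" {
  name   = "egress-all"
  vpc_id = local.vpc_id
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# The instance's effective rule set is the union of every group attached to it.
resource "aws_instance" "app" {
  ami                    = "ami-0123456789abcdef0"    # placeholder
  instance_type          = "t3.micro"
  subnet_id              = "subnet-0123456789abcdef0" # placeholder
  vpc_security_group_ids = [aws_security_group.from_local_ips.id,
    aws_security_group.from_bastion.id, aws_security_group.egress_all.id]
}
```

Because the attached groups are unioned per network interface, each module only ever adds access; AWS limits how many groups one interface can carry (5 by default, raisable via a quota request), so keep the modules coarse enough to fit.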