Security – Are Amazon EC2 Private IPs reachable from any instance running in EC2

Tags: amazon-ec2, amazon-web-services, networking, security

After searching previous questions here, the general consensus seems to be if an instance that I own is assigned a private IP of 10.208.34.55, that only OTHER INSTANCES I OWN can reach it at that address. See:

How to encrypt traffic between two Amazon EC2 instances?

Is that correct? So I can treat all my instances as if they are on a LAN and authenticate and trust any machine coming from 10.XXX.XXX.XXX because I am sure I own it?

I just want to be sure. I'm finding that Amazon seems to be rather more interested in waxing poetic about The Cloud and their 3-character abbreviations than in actually providing clear technical documentation.

Best Answer

Amazon EC2 provides security groups, which your instance is a part of; these allow you to grant permissions to other groups of hosts on your account or to other external hosts. See the [User Guide][1] -> Concepts -> Network security for a little overview.

Normally, in the "default" security group you have full access to other members in the group (i.e. all of your other default hosts) and no external inbound access. Other hosts inside EC2 that are on other accounts, or on your account but not in the "default" group, will not be able to access your instance.

You can add rules for a security group to grant access to other security groups, or add rules to grant access to IP addresses/ranges.

To answer your question a bit more directly: so long as your security group rules only allow access from the same group, then your instances should be firewalled from access by any other customer, even though they share the same IP space.

[1]: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/ "EC2 User Guide"
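To make the answer's distinction concrete, here is a small added model (not code from the question, the answer, or AWS) of how a security group's ingress rules admit a source: by membership in a named source group, or by address range. The group ids, instance names and addresses are constructed; the point is that a "trust all of 10.x" CIDR rule also admits another tenant's instance in the shared private space, while a same-group rule does not.

```python
# Added example (not from the original question or answer): a toy model of
# EC2 security-group ingress evaluation. All ids and addresses are constructed.
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass
class Instance:
    name: str
    private_ip: str
    groups: FrozenSet[str]  # security groups this instance is a member of


@dataclass
class IngressRule:
    port: int
    source_cidr: Optional[str] = None   # admit by address range ...
    source_group: Optional[str] = None  # ... or by membership in a group


def admitted(rules: List[IngressRule], src: Instance, port: int) -> bool:
    """True if any rule on the destination's group admits src on this port."""
    for rule in rules:
        if rule.port != port:
            continue
        if rule.source_group is not None and rule.source_group in src.groups:
            return True
        if rule.source_cidr is not None and (
            ipaddress.ip_address(src.private_ip)
            in ipaddress.ip_network(rule.source_cidr)
        ):
            return True
    return False


# Constructed fleet: two of our instances in the default group, and one
# belonging to another customer that shares the same 10.0.0.0/8 space.
MINE_A = Instance("mine-a", "10.208.34.55", frozenset({"sg-default"}))
MINE_B = Instance("mine-b", "10.208.40.12", frozenset({"sg-default"}))
OTHER = Instance("other-tenant", "10.208.34.56", frozenset({"sg-theirs"}))

# Default-group style: admit only members of the group itself.
GROUP_ONLY = [IngressRule(port=22, source_group="sg-default")]
# The assumption from the question: trust anything in 10.x.x.x.
TRUST_TEN = [IngressRule(port=22, source_cidr="10.0.0.0/8")]


def compare(port: int = 22) -> dict:
    """Show which rule set admits which source on the given port."""
    sources = (MINE_B, OTHER)
    return {
        "group_only": {i.name: admitted(GROUP_ONLY, i, port) for i in sources},
        "trust_ten": {i.name: admitted(TRUST_TEN, i, port) for i in sources},
    }
```

Real EC2 enforces these rules outside the instance, so an address-based rule over the shared private range offers no proof of ownership; a rule keyed on the source security group does.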