security – Only allows the Angular application to access the Node application (same EC2 instance) and to block Node for everyone

I have hosted both my angular application (port # 4200) and my node (port # 3000) on the same instance EC2.
Both are currently accessible to all.
I want to limit access to the Node application so that only Angular can connect to it and be blocked for all others.

What I already did: –

  1. The incoming rule of the EC2 security group for port 3000 is defined as such public IP
    xx.xx.xx.xx / 32

  2. The incoming rule of the EC2 security group for port 3000 is defined as such private IP
    172.xx.xx.xx / 32

In both cases, my node application generates a timing error.

OPTIONS http: //xx.xx.xx.xx: 3000 net :: ERR_CONNECTION_TIMED_OUT