I have created a Kuberenetes cluster on Amazon EKS. The security groups are showing not allowing any inbound traffic except for the other security group id of the EKS nodes and cluster.

Howerver, when I run:

kubectl port-forward <pod-name-here> 6379

I am able to successfully hit that pod from my local machine telnet 127.0.0.1 6379. How is this working if the AWS security group does not explicitly allow inbound 6379 publically?