is iptable whitelisting secure enough in AWS

Suppose my app is hosted on multiple servers, within the same data center (say in AWS or DigitalOcean). To secure communication between these servers, I use iptable to whitelist each other’s IP.

Question: is whitelisting IP secure enough to ensure the identity of the request? Or it’s actually possible for a hacker server within the same data center to spoof IP, thus foolinga me thinking it’s one of my own servers.