7 comments

[ 67.3 ms ] story [ 331 ms ] thread
"Security groups (which define what IPs can access what ports, similar to basic IPTables firewall rules) cannot be shared between EC2-Classic and EC2-VPC,"

That is no longer true. In December 2014 Amazon launched ClassicLink, which lets you add EC2-Classic instances to VPC security groups.

https://aws.amazon.com/blogs/aws/classiclink-private-communi...

http://www.youtube.com/watch?v=HexrVfuIY1k&t=33m33s

Author here - Actually, the big problem was RDS EC2-Classic DB security groups, which ClassicLink doesn't help with. ClassicLink certainly is a feature, but it's not one that would have helped with the subset of groups that we were having trouble with.
(comment deleted)
What a coincidence - that's exactly what I did too, except I used IPTables and just PATed the connections.
Nice writeup, Tiru!
Nice writeup, Tiru!