Oleg Dulin

Reputation: 1457

Secure interaction between VPC and EC2-Classic instances

I am faced with a chicken and egg problem. I currently have a server in EC2 classic, as well as an RDS instance -- in EC2 classic as well. The EC2 instances also interact with a Cassandra cluster, which also resides in EC2 classic.

However, I need to move RDS into the VPC. Now, in an ideal world, I'd have all of my stuff in VPC at this point. However, that presents a major migration challenge and I'd like to minimize impact on users and keep steps to a minimum -- this is mainly because of the Cassandra cluster.

It turns out that I cannot create security group rules between VPC and Non-VPC security groups.

So, how can I have RDS in VPC that my EC2 instances can access w/o having to open up my RDS to the entire world?

Any help is greatly appreciated.

UPDATE: So, one idea I had is to assign elastic IPs to my EC2 instances and add IPs explicitly to the security group for RDS within VPC. Would that work? (trying it now using https://github.com/skymill/aws-ec2-assign-elastic-ip)

Upvotes: 0

Views: 310

Answers (2)

Oleg Dulin

Reputation: 1457

So, I ended up solving it exactly like I described -- assign elastic IPs to my EC2 instances and add IPs explicitly to the security group for RDS within VPC. It ended up working great.

Upvotes: 0

Ben Whaley

Reputation: 34426

Yes, unfortunately that's the only way to do it. You cannot use DNS in security groups, so you're stuck with IP addresses.

Upvotes: 1
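
The Elastic IP approach from the answers above leaves a list of per-address rules on the RDS security group that has to be kept in step with the instances. The sketch below is an added example, not code from either poster: it compares the group's current ingress rules with the Elastic IPs that should have access and plans which /32 rules to add and which stale or over-broad rules to revoke. The port (3306) and all sample addresses are assumptions; the rule dictionaries follow the `IpPermissions` shape used by the EC2 API.

```python
import ipaddress

DB_PORT = 3306  # assumption: MySQL port; the page does not name the RDS engine


def _rule(cidr, port):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


def plan_rds_ingress(current_permissions, elastic_ips, port=DB_PORT):
    """Return (authorize, revoke) IpPermissions lists for the RDS security group.

    current_permissions uses the IpPermissions shape from EC2
    DescribeSecurityGroups. Plan only: nothing is sent to AWS here.
    """
    # One /32 per Elastic IP; IPv4Address raises ValueError on bad input.
    wanted = {f"{ipaddress.IPv4Address(ip)}/32" for ip in elastic_ips}
    exact, revoke = set(), []
    for perm in current_permissions:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        # Only rules that can reach the database port are in scope.
        if not (proto == "-1" or (proto == "tcp" and lo <= port <= hi)):
            continue
        for rng in perm.get("IpRanges", []):
            cidr = rng["CidrIp"]
            if (proto, lo, hi) == ("tcp", port, port) and cidr in wanted:
                exact.add(cidr)
                continue
            # Stale address, wider CIDR (e.g. 0.0.0.0/0) or wider port range.
            stale = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort")
                     if k in perm}
            stale["IpRanges"] = [{"CidrIp": cidr}]
            revoke.append(stale)
    return [_rule(c, port) for c in sorted(wanted - exact)], revoke


if __name__ == "__main__":
    current = [  # constructed sample, documentation-range addresses
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"},
                      {"CidrIp": "198.51.100.99/32"},
                      {"CidrIp": "0.0.0.0/0"}]}]
    authorize, revoke = plan_rds_ingress(current, ["203.0.113.10", "198.51.100.7"])
    print("authorize:", authorize)
    print("revoke:", revoke)
    # To apply with boto3 (not run here):
    #   ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=authorize)
    #   ec2.revoke_security_group_ingress(GroupId=sg_id, IpPermissions=revoke)
```

A released Elastic IP goes back to the AWS pool and can be allocated to another account, so the revoke list matters as much as the authorize list.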
