

Migrating from EC2-Classic to VPC with zero downtime - seattlematt
https://playfab.com/blog/2015/03/10/how-playfab-migrated-ec2-classic-vpc-zero-downtime

======
sciurus
"Security groups (which define what IPs can access what ports, similar to
basic IPTables firewall rules) cannot be shared between EC2-Classic and
EC2-VPC,"

That is no longer true. In December 2014 Amazon launched ClassicLink, which
lets you add EC2-Classic instances to VPC security groups.

[https://aws.amazon.com/blogs/aws/classiclink-private-
communi...](https://aws.amazon.com/blogs/aws/classiclink-private-
communication-between-classic-ec2-instances-vpc-resources/)

[http://www.youtube.com/watch?v=HexrVfuIY1k&t=33m33s](http://www.youtube.com/watch?v=HexrVfuIY1k&t=33m33s)

~~~
tirus
Author here - Actually, the big problem was RDS EC2-Classic DB security
groups, which ClassicLink doesn't help with. ClassicLink certainly is a
feature, but it's not one that would have helped with the subset of groups
that we were having trouble with.

------
ihsw
Similarly, Instagram faced similar issues and developed Neti for the task.

[https://github.com/Instagram/neti](https://github.com/Instagram/neti)

And the blog article:

[http://instagram-
engineering.tumblr.com/post/89992572022/mig...](http://instagram-
engineering.tumblr.com/post/89992572022/migrating-aws-fb)

Now, Instgram's path was AWS EC2-Classic -> AWS VPC -> FB, however it is still
relevant.

------
maslam
Nice writeup, Tiru!

