Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Migrating from EC2-Classic to VPC with zero downtime (playfab.com)
21 points by seattlematt on March 10, 2015 | hide | past | favorite | 5 comments



"Security groups (which define what IPs can access what ports, similar to basic IPTables firewall rules) cannot be shared between EC2-Classic and EC2-VPC,"

That is no longer true. In December 2014 Amazon launched ClassicLink, which lets you add EC2-Classic instances to VPC security groups.

https://aws.amazon.com/blogs/aws/classiclink-private-communi...

http://www.youtube.com/watch?v=HexrVfuIY1k&t=33m33s


Author here - Actually, the big problem was RDS EC2-Classic DB security groups, which ClassicLink doesn't help with. ClassicLink certainly is a feature, but it's not one that would have helped with the subset of groups that we were having trouble with.


[deleted]


What a coincidence - that's exactly what I did too, except I used IPTables and just PATed the connections.


Similarly, Instagram faced similar issues and developed Neti for the task.

https://github.com/Instagram/neti

And the blog article:

http://instagram-engineering.tumblr.com/post/89992572022/mig...

Now, Instgram's path was AWS EC2-Classic -> AWS VPC -> FB, however it is still relevant.


Nice writeup, Tiru!




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: