Are EC2 security group changes effective immediately for running instances?

amazon-ec2 firewall amazon-web-services
45,129

Solution 1

Seems like yes (quoting AWS documentation):

You can modify rules for a group at any time. The new rules are automatically enforced for all running instances and instances launched in the future.

A simple test of disallowing access to a certain (previously accessible) port also confirmed this.

Solution 2

The 'listen_addresses' directive on postgresql.conf defaults to 127.0.0.1 only. It should be changed to listen_addresses = '*' to accept connections from 0.0.0.0/0

Share:
45,129
geekyaleks
Author by

geekyaleks

Java developer; more active on Stack Overflow and some of the newer SE sites. Linux user since 1998. Server administration isn't my main thing, but from time to time I do some of that too at work: Setting up & maintaining tools such as Jenkins, Mediawiki, Confluence, Subversion, GitLab, PostgreSQL and MySQL; mostly on Linux (Ubuntu, Debian, Red Hat or Fedora). Deployment of Java webapps, with e.g. Tomcat, Jetty, JBoss and Apache. Recently I've been learning about and using AWS as a platform for enterprise Java apps and for R&D infra. (Interesting how developer and sysadmin roles converge to some extent when cloud is your platform...) Automating setup of development and CI servers, using Puppet and common UNIX tools.

Updated on September 17, 2022

Comments

  • geekyaleks
    geekyaleks almost 2 years

    I have an EC2 instance running, and it belongs to a security group. If I add a new allowed connection to that security group through AWS Management Console, should that change be effective immediately? Or perhaps only after restart of the instance?

    In my case, I'm trying to allow access to PostgreSQL's default port (tcp 5432 5432 0.0.0.0/0), and I'm not sure if it's the EC2 firewall or PostgreSQL's settings that are refusing the connection.

  • Adrian Ionut
    Adrian Ionut about 13 years
    I tested this and it's true.
  • shonky linux user
    shonky linux user over 6 years
    However when allowing access to a previously disallowed resource it can take up to a minute or two before the new policy becomes effective and access is granted.
  • Admin
    Admin over 6 years
    I've had several instances where both allowing and disallowing have taken over 30 seconds to propagate. So instant is definitely not true. Pretty fast though... but be patient for a minute or two before drawing conclusions :)
  • Ravinder Reddy
    Ravinder Reddy about 6 years
    Link posted in the answer seems broken as on today. Can someone correct it please?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Troubleshooting "Network is unreachable" from within an Amazon VPC
FTP - 500 I won't open a connection to xx.xx.xx.xx
AWS EC2 deny single ip address and allow all
How do I keep my Amazon Linux EC2 instance /var/log/messages from being filled with dhclient and ec2net messages?
Pre-configured EC2 VPN AMI
Loading credentials JSON with AWS SDK Results in Error
How to connect Mac terminal with EC2 instance
Cannot connect to Cloudera Manager, not listening on port 7180
Restrict HTTP Access to Elastic Beanstalk
How to scp to ec2 instance via ssm agent using boto3 and send file