Are EC2 security group changes effective immediately for running instances?


Solution 1

Seems like yes (quoting AWS documentation):

You can modify rules for a group at any time. The new rules are automatically enforced for all running instances and instances launched in the future.

A simple test of disallowing access to a certain (previously accessible) port also confirmed this.

Solution 2

The 'listen_addresses' directive in postgresql.conf defaults to 127.0.0.1 only. It should be changed to listen_addresses = '*' to accept connections from 0.0.0.0/0.
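To tell apart the two causes raised on this page (the security group versus PostgreSQL's listen_addresses), here is an added example, not code from the original answers, that classifies a TCP connect attempt: a security group drops disallowed traffic silently, so a block shows up as a timeout, while a host that is reached but has nothing listening on that address answers with a reset. It keeps re-probing while the result is a timeout, to allow for the propagation delay some commenters report; the function names and the 120-second default are assumptions of this example.

```python
import socket
import sys
import time

OPEN = "open"          # TCP handshake completed: traffic is allowed and a listener is bound
REFUSED = "refused"    # RST came back: the host was reached, nothing listens on that address
FILTERED = "filtered"  # no reply before the timeout: dropped on the way (e.g. security group)


def classify(exc):
    """Map the outcome of one connect attempt (exception or None) to a verdict."""
    if exc is None:
        return OPEN
    if isinstance(exc, ConnectionRefusedError):
        return REFUSED
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return FILTERED
    raise exc  # DNS failure, unreachable network, ...: not one of the two cases


def probe(host, port, timeout=3.0):
    """Try one TCP connection and return OPEN, REFUSED or FILTERED."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def wait_while_filtered(host, port, deadline=120.0, interval=5.0, timeout=3.0):
    """Re-probe while the port looks filtered, for at most `deadline` seconds.
    REFUSED or OPEN ends the wait at once: either one means packets already
    reach the instance, so a rule change has nothing left to propagate.
    """
    end = time.monotonic() + deadline
    while True:
        verdict = probe(host, port, timeout)
        if verdict != FILTERED or time.monotonic() >= end:
            return verdict
        time.sleep(interval)


if __name__ == "__main__":
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5432  # PostgreSQL's default port
    hints = {OPEN: "reachable", REFUSED: "check listen_addresses in postgresql.conf",
             FILTERED: "check the security group rule"}
    verdict = wait_while_filtered(target, port)
    print(f"{target}:{port} {verdict}: {hints[verdict]}")
```

A "refused" verdict can also come from a host firewall rule that rejects rather than drops, and "open" only confirms the TCP handshake.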

Author: geekyaleks


Updated on September 17, 2022

Comments

  • geekyaleks over 1 year

    I have an EC2 instance running, and it belongs to a security group. If I add a new allowed connection to that security group through AWS Management Console, should that change be effective immediately? Or perhaps only after restart of the instance?

    In my case, I'm trying to allow access to PostgreSQL's default port (tcp 5432 5432 0.0.0.0/0), and I'm not sure if it's the EC2 firewall or PostgreSQL's settings that are refusing the connection.

  • Adrian Ionut about 13 years
    I tested this and it's true.
  • shonky linux user over 6 years
    However, when allowing access to a previously disallowed resource, it can take up to a minute or two before the new policy becomes effective and access is granted.
  • Admin over 6 years
    I've had several instances where both allowing and disallowing have taken over 30 seconds to propagate. So instant is definitely not true. Pretty fast though... but be patient for a minute or two before drawing conclusions :)
  • Ravinder Reddy about 6 years
    The link posted in the answer seems broken as of today. Can someone correct it please?