AWS and Security Groups

April 4, 2016

I was asked to allow different IP addresses to gain access to a specific machine from AWS. Initially I thought: oh well, this is quite easy to do from the AWS Console -> Security Groups -> Inbound -> Edit -> type the new IP address and hit OK.

After taking a closer look I realized that this Security Group was shared by other AWS instances, and this new rule would have applied to all of the instances sharing it, which was not desirable.

OK, in this case I had to take a different approach: changing the Security Group for that machine. I went to the menu associated with that instance, and the option to change the Security Group was disabled.

The reason was that I was using an AWS Classic instance, which does not allow a security group to be changed after it's launched. Using a VPC, one can re-assign the security group after the instance has been launched, and one will have more flexibility for modifying security group settings in general.

The best solution in this case was to create a new instance and assign a new Security Group to it.

The steps I had to take are described below:

– Create an AMI of the existing instance to preserve the data on it

– Set up all the settings for this new AMI

– Create a new instance using that AMI

– Terminate the old instance

– Associate the Elastic IP of the old instance with the new instance

This is a small drawback that AWS has when it comes to AWS Classic instances. Hopefully in the future one will simply change the Security Group without going through the whole hassle of creating new instances and dropping others.
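
The check that caught the problem above (who else uses this Security Group before a rule is added) can be scripted. This is an added example, not part of the original post: it reads output shaped like `aws ec2 describe-instances`, using constructed IDs, and assumes an instance without a `VpcId` is a Classic one.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output; all IDs are made up.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0001", "State": {"Name": "running"},
     "SecurityGroups": [{"GroupId": "sg-11111111"}]},
    {"InstanceId": "i-0aaa0002", "State": {"Name": "stopped"},
     "SecurityGroups": [{"GroupId": "sg-11111111"}]}]},
  {"Instances": [
    {"InstanceId": "i-0bbb0003", "State": {"Name": "running"}, "VpcId": "vpc-22222222",
     "SecurityGroups": [{"GroupId": "sg-33333333"}],
     "NetworkInterfaces": [{"Groups": [{"GroupId": "sg-11111111"}]}]},
    {"InstanceId": "i-0ccc0004", "State": {"Name": "terminated"},
     "SecurityGroups": [{"GroupId": "sg-11111111"}]}]}
]}
""")

def group_ids(instance):
    """All security group IDs on an instance, including groups on extra network interfaces."""
    ids = {g["GroupId"] for g in instance.get("SecurityGroups", [])}
    for eni in instance.get("NetworkInterfaces", []):
        ids.update(g["GroupId"] for g in eni.get("Groups", []))
    return ids

def blast_radius(describe_output, group_id):
    """Instances a rule change on group_id would affect, as (instance_id, platform) pairs."""
    hits = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue  # terminated instances linger in the output but no longer matter
            if group_id in group_ids(inst):
                # Assumption: no VpcId means a Classic instance (group fixed at launch).
                platform = "vpc" if inst.get("VpcId") else "classic"
                hits.append((inst["InstanceId"], platform))
    return sorted(hits)

def safe_to_edit(describe_output, group_id, target_instance):
    """True only when the target is the sole live instance using the group."""
    return [i for i, _ in blast_radius(describe_output, group_id)] == [target_instance]

if __name__ == "__main__":
    for instance_id, platform in blast_radius(SAMPLE, "sg-11111111"):
        note = "group fixed at launch" if platform == "classic" else "group can be reassigned"
        print(instance_id, platform, note)
```

Stopped instances are counted on purpose, since the new inbound rule applies to them as soon as they start again.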