Custom EC2 Security Groups

2011/08/21

Scalarium manages the EC2 SecurityGroups for you by default.

Scalarium generates a special SecurityGroup for every build-in role and assigns it to every instance on boot. This way Scalarium can make sure that only your own application servers are allowed to talk to your MySQL server or the web servers are publicly reachable via port 80.

But sometimes you need more flexibility, e.g you want to open a special port on a custom role. Previously you had to open this port on the SecurityGroup "Scalarium-Custom-Server", the general group for all custom roles.

We just deployed a feature that allows you to specify one or more custom SecurityGroups per role:

Under the "Role Settings" tab of every role you can now specify a comma separated list of EC2 SecurityGroups. Scalarium will use those when starting the instance in addition to the build-in SecurityGroups. This allows you to manage your filtering in a more fine-grained way.

In order to create and manage the custom SecurityGroups please use the AWS console.

Please note that due to EC2 limitations the SecurityGroups of running instances cannot be changed. Also, assigning a non-existent SecurityGroup will result in a failed boot.

Please check that the created SecurityGroups belong to the same Credential and AWS Region you use in your Scalarium environment. If you use multiple regions/credentials you will have to create the SecurityGroups for each region/credential.