54

I have an EC2 instance running, and it belongs to a security group. If I add a new allowed connection to that security group through the AWS Management Console, should that change be effective immediately? Or perhaps only after a restart of the instance?

In my case, I'm trying to allow access to PostgreSQL's default port (tcp 5432 5432 0.0.0.0/0), and I'm not sure if it's the EC2 firewall or PostgreSQL's settings that are refusing the connection.

Jonik

2 Answers

67

Seems like yes (quoting AWS documentation):

You can modify rules for a group at any time. The new rules are automatically enforced for all running instances and instances launched in the future.

A simple test of disallowing access to a certain (previously accessible) port also confirmed this.

Jonik
  • 9
    I tested this and it's true. – Elad May 24 '11 at 10:58
  • 4
    However when allowing access to a previously disallowed resource it can take up to a minute or two before the new policy becomes effective and access is granted. – shonky linux user Oct 05 '17 at 00:18
  • 5
    I've had several instances where both allowing and disallowing have taken over 30 seconds to propagate. So instant is definitely not true. Pretty fast though... but be patient for a minute or two before drawing conclusions :) –  Oct 06 '17 at 00:12
  • 1
    The link posted in the answer seems broken as of today. Can someone correct it please? – Ravinder Reddy Apr 30 '18 at 12:25
2

The 'listen_addresses' directive in postgresql.conf defaults to 127.0.0.1 only. It should be changed to listen_addresses = '*' to accept connections from 0.0.0.0/0.

Shyam Sundar C S
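One way to tell the two suspects in the question apart from the client side, as an added example that is not code from the original posts: it assumes a security group silently drops traffic it does not allow, so a blocked port times out, while a port that is allowed but has no listener on that address answers with a TCP reset. The names probe, classify and wait_for_rule are hypothetical, and the retry loop allows for the propagation delay reported in the comments.

```python
import socket
import sys
import time

# Outcome -> where to look next (assumption: security groups drop silently,
# so a missing rule shows up as a timeout, never as "connection refused").
HINTS = {
    "open": "TCP reaches PostgreSQL; a remaining failure is pg_hba.conf or authentication",
    "refused": "packet reached the instance but nothing listens there: check listen_addresses",
    "filtered": "no reply: security group rule missing or not yet propagated, or a host firewall",
    "error": "could not attempt the connection (DNS, routing or local network problem)",
}

def classify(exc):
    """Map the exception raised by connect() to one of the HINTS keys."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # RST came back: traffic passed the security group
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"     # SYN was dropped somewhere on the path
    return "error"

def probe(host, port=5432, timeout=5.0):
    """Attempt one TCP connection and report 'open', 'refused', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)

def wait_for_rule(host, port=5432, attempts=6, delay=20.0, timeout=5.0):
    """Re-probe while the port looks filtered, to ride out rule propagation."""
    state = probe(host, port, timeout)
    for _ in range(attempts - 1):
        if state != "filtered":
            break
        time.sleep(delay)
        state = probe(host, port, timeout)
    return state

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <instance-address>
    result = wait_for_rule(sys.argv[1])
    print(result + ": " + HINTS[result])
```

An "open" result combined with a failing psql login points at pg_hba.conf, which must also contain an entry for the client's address.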