0

I have my production EC2 instances inside a VPC, and to get data from S3 we used to provide the S3 URL. Until now the data flow was through the internet, and I have implemented VPC endpoints to redirect the data flow within the VPC in order to make it secure and reduce cost.

I have configured my VPC endpoints but my security groups are not listing it in the normal security groups page in EC2 tab. I have to navigate to VPC tab and then security groups to identify the endpoint.

Is there a difference between EC2 security group and the security group in VPC?

Please see the 2 security group images below

Security group in EC2 tab

Security group in VPC tab

Arjun Prasad
  • Yikes, that's strange. It's the same security group ID, so it's the same group. I haven't used VPCEs in production so I haven't noticed this. The [docs](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html#vpc-endpoints-security-groups) say to use the VPC console to edit the security group, but I haven't seen any caveat that says the EC2 console would show something inconsistent. – Michael - sqlbot Mar 02 '17 at 12:56
  • I'm using an old account which was started years back and still has some EC2-Classic instances. I'm not sure if there are some account dependencies, but I can't figure it out. I'm trying to check with AWS for some answers. Will update here if I get any. – Arjun Prasad Mar 03 '17 at 09:01
  • Received an update from AWS regarding this. Please see comment. "I don't believe a screen share would be necessary as I have reproduced the issue and got the same result as you. It seems the issue is specifically in Mumbai region and it works momentarily with CLI but reverts back when more rules are added and refreshed. I am taking this up with the service team once I have gathered all my troubleshooting analysis. I will provide you with feedback once I get a response from the service team. I apologize for the inconvenience this has caused thus far." – Arjun Prasad Mar 08 '17 at 09:26

2 Answers

1

I can see S3 endpoints in both the EC2 console and the VPC console.

I saved this after I took the screenshot.

VPC SG Console

EC2 SG Console

I guess being a new feature it has some bugs.

Tim
  • Well I have seen the same in my personal account, so I wondered why it was not coming in my company account. Although on a different note, I wonder why AWS has security groups in VPC console as well as in the EC2 console!! – Arjun Prasad Mar 03 '17 at 09:02
  • Seems like a bug with respect to the Mumbai region. Awaiting more details from AWS. – Arjun Prasad Mar 08 '17 at 09:28
0

This was a bug in the newly launched Mumbai Region. I have received an update from AWS that this has been fixed. I have tested and it seems to be working without any issues now.

Arjun Prasad