
If you assume they had no pressing need for any VPC-specific functionality, you can get similar security by locking your security group/s down to only ELB for public service ports and having one instance in another security group with ssh/vpn allowed (to specific IPs) as a jump box/vpn. Spending weeks of multiple teams' engineering time to move to VPC without a pressing need would seem to me to make little business sense.


Agreed. This is the route I use and it works fine. I can see how it could quickly get out of hand with a lot of security groups, and I would love some sort of security group inheritance, but for -100 instances, it is not that hard to keep the public access to ELB.
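
The layout described in the comments above, checked as code. This is an added example, not part of the original thread: it audits security group rules for drift from "service ports only from the ELB group, SSH only via a jump box restricted to specific IPs". The input mirrors the shape of EC2 `DescribeSecurityGroups` output; all group IDs, ports and addresses are constructed placeholders, and the `audit` function is hypothetical.

```python
# Constructed sample data in the shape of EC2 DescribeSecurityGroups output.
# Group IDs, ports and CIDRs are placeholders, not values from the thread.
ELB_SG = "sg-elb-placeholder"
JUMP_SG = "sg-jump-placeholder"
ANYWHERE = {"0.0.0.0/0", "::/0"}

GROUPS = [
    {"GroupId": "sg-app-placeholder", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": JUMP_SG}]},
    ]},
    {"GroupId": JUMP_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-drift-placeholder", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
]

def audit(groups, elb_sg, jump_sg):
    """Return (group, ports, source, reason) for rules that break the layout."""
    findings = []
    for g in groups:
        gid = g["GroupId"]
        if gid == elb_sg:
            continue  # the load balancer is the intended public entry point
        for p in g["IpPermissions"]:
            # IpProtocol "-1" (all traffic) carries no port fields.
            ports = (p.get("FromPort", 0), p.get("ToPort", 65535))
            cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in ANYWHERE:
                    findings.append((gid, ports, cidr, "open to the internet"))
                elif gid != jump_sg:
                    findings.append((gid, ports, cidr, "direct IP access bypasses ELB/jump box"))
            for pair in p.get("UserIdGroupPairs", []):
                src = pair["GroupId"]
                if src not in (elb_sg, jump_sg, gid):
                    findings.append((gid, ports, src, "unexpected source group"))
    return findings

if __name__ == "__main__":
    for finding in audit(GROUPS, ELB_SG, JUMP_SG):
        print(finding)
```

Run on a schedule against real `DescribeSecurityGroups` output, a check like this catches the rule sprawl the second comment worries about as the number of groups grows.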



