This will require either teaching the script to handle sg-to-sg grants, or (my preference) rewriting the security group to use cidr grants instead.
George suggests teaching the script, though. Which is probably the more modern approach anyway.
However, that's not compatible with eventually allowing inter-region communication, which we may want. It's also different from everything else, and consistency is good. Also, the aws_manage_securitygroups script isn't well-designed to handle managing sg-to-sg grants.
Created attachment 8527761 [details] [diff] [review] bug1104034-ip-based.patch
Assignee: nobody → dustin
Attachment #8527761 - Flags: review?(gmiroshnykov)
Attachment #8527761 - Flags: review?(gmiroshnykov) → review+
Comment on attachment 8527761 [details] [diff] [review] bug1104034-ip-based.patch I'll change the proxxy instances over to the new SGs now.
Attachment #8527761 - Flags: checked-in+
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.