OK, again with them Minecraft servers. This time I already had a bunch of them up and running on different free tier instances on EC2. Now I wanted to add a database and connect some of the server plugins to this. The DB should run in its own EC2 instance and the Minecraft servers on their own. So how do I configure my instances so the Minecraft server instances can talk to the DB server but nothing outside my instances can talk to it?
EC2 uses Security Groups to define the firewall configurations. These are simple types of rules such as “Allow TCP from IP X”. But I cannot configure this with the other instances public IP address since all the instances keep changing their IP addresses as they are shut down and started again. So how can I do it? The solution is to put all the Minecraft servers in a specific Security Group. Then set the IP address where the DB server instance allows communications from to the name of the Security Group the Minecraft servers are on. And of course the port the DB server listents to.
The weirdest part of this is the poor documentation as I would not expect to write textual group names in a box expecting an IP address (numbers and dots). Only way I finally figured this out was to look at the “default” security group which is configured by default for such policy.
And how do you rename an existing security group? You dont (sheesh). But you can use an existing one, clone it, and give it a new name. Then go to EC2 instance management console, choose something like “network->change security group” to define your new security group for the instances. Then delete the old group.
Most of this is only possible if the instances are in the same VPC (virtual private cloud). Good thing is, AWS seems to create a VPC and link everything to this by default these days..