Amazon is migrating RDS Security Groups to VPC Security Groups

AllCloud Blog:
Cloud Insights and Innovation


Dear Customers & Partners,

In the coming days, RDS Security Groups will be migrated to VPC Security Groups. Thank you to the AWS team for consolidating the security groups in one place. (Relevant customers will receive direct mail from AWS.)

Once the consolidation process is complete, you will see the following changes:

  • Your previously created DB Security Groups in VPC are replaced with VPC Security Groups. These VPC Security Groups can be identified by looking at their description, which starts with “Security Group for RDS”.
  • The network access rules defined for the newly created VPC Security Groups are copied from the existing DB Security Groups so that there is no connectivity impact.
  • The DB Security Group memberships of DB Instances are replaced with VPC Security Group memberships.
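
The first two points suggest a post-migration check: pick out the groups whose description starts with “Security Group for RDS” and review the rules that were copied into them. The following is an added example, not AWS or AllCloud code; it assumes input in the shape of the `SecurityGroups` list returned by the EC2 DescribeSecurityGroups API, and the group IDs and rules in the sample are constructed.

```python
import ipaddress

MIGRATED_PREFIX = "Security Group for RDS"  # description prefix given in the post

def migrated_groups(groups):
    """Select groups whose description marks them as created by the migration."""
    return [g for g in groups if g.get("Description", "").startswith(MIGRATED_PREFIX)]

def ingress_sources(group):
    """Yield (protocol, from_port, to_port, source) for each CIDR or group source."""
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent when proto is "-1"
        for r in perm.get("IpRanges", []):
            yield proto, lo, hi, r["CidrIp"]
        for r in perm.get("Ipv6Ranges", []):
            yield proto, lo, hi, r["CidrIpv6"]
        for pair in perm.get("UserIdGroupPairs", []):
            yield proto, lo, hi, pair["GroupId"]

def world_open(source):
    """True for 0.0.0.0/0 and ::/0; a security-group reference is never world-open."""
    if source.startswith("sg-"):
        return False
    return ipaddress.ip_network(source, strict=False).prefixlen == 0

def audit(groups):
    """Return the copied rules on migrated groups that admit any address."""
    return [(g["GroupId"], proto, lo, hi, src)
            for g in migrated_groups(groups)
            for proto, lo, hi, src in ingress_sources(g)
            if world_open(src)]

# Constructed sample in the shape of a DescribeSecurityGroups response.
SAMPLE = [
    {"GroupId": "sg-0a1", "Description": "Security Group for RDS (constructed)",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.1.0/24"}],
          "UserIdGroupPairs": [{"GroupId": "sg-0c3"}]}]},
    {"GroupId": "sg-0b2", "Description": "web tier (constructed)",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the migrated group is reported; the second group is skipped because its description does not carry the prefix, even though it also has a world-open rule.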

For new DB Instances created in VPC, the following changes apply after the migration:

  • You will not be able to associate DB Security Groups to your new (or existing) DB Instances in VPC.
  • To control network access, you will need to associate VPC Security Groups directly to DB instances.
  • You need to use the Amazon EC2 APIs or the “Security Groups” screen of the Amazon EC2 (or Amazon VPC) service in the AWS Management Console to create Security Groups and manage network access rules for your DB Instances in VPC. See the “Working with Security Groups” section of the Amazon VPC User Guide to learn more.

If you are not using Amazon RDS instances within Amazon VPC, you can continue to use DB Security Groups for controlling network access.

Refer to the Amazon RDS User Guide to learn more about the difference between DB Security Groups and VPC Security Groups.

Thank you, Lahav Savir

Lahav Savir

Founder and CTO, Cloud Platforms
