Migrating from EC2-Classic to VPC with zero downtime
playfab.com
"Security groups (which define what IPs can access what ports, similar to basic IPTables firewall rules) cannot be shared between EC2-Classic and EC2-VPC,"
That is no longer true. In December 2014 Amazon launched ClassicLink, which lets you add EC2-Classic instances to VPC security groups.
https://aws.amazon.com/blogs/aws/classiclink-private-communi...
Author here - Actually, the big problem was RDS EC2-Classic DB security groups, which ClassicLink doesn't help with. ClassicLink certainly is a feature, but it's not one that would have helped with the subset of groups that we were having trouble with.
Similarly, Instagram faced similar issues and developed Neti for the task.
https://github.com/Instagram/neti
And the blog article:
http://instagram-engineering.tumblr.com/post/89992572022/mig...
Now, Instagram's path was AWS EC2-Classic -> AWS VPC -> FB; however, it is still relevant.
Nice writeup, Tiru!