Customers choosing to migrate applications from EC2-Classic to Amazon Virtual Private Cloud (Amazon VPC) can use the ClassicLink feature, which allows them to associate (link) EC2-Classic instances with Amazon VPC security groups in the same AWS Region. ClassicLink facilitates incremental migrations to Amazon VPC because it enables customers to maintain private communication between instances in the two platforms.

During a migration, it is important to mirror applicable network-configuration changes in EC2-Classic to the target Amazon VPC network. This will maintain network communication between application components both during and after the migration. For example, new instances might be added to an EC2-Classic environment over the course of a migration due to manual capacity adjustments or in response to Auto Scaling events, and these instances will require ClassicLink associations with the target VPC. Likewise, EC2-Classic security group changes will need corresponding VPC security group changes to maintain connectivity after migration has completed.

The ClassicLink Mirror solution helps customers keep their networks consistent during migration, automatically mirroring EC2-Classic security groups to Amazon VPC, fully managing those groups, and replicating any changes in EC2-Classic security group rules or instance memberships in the associated VPC.

The diagram below presents the ClassicLink Mirror components that you can deploy using the solution's implementation guide and accompanying AWS CloudFormation template.

  1. Launch the solution's AWS CloudFormation template and then apply resource tags to the EC2-Classic security groups you want to mirror to Amazon VPC.
  2. ClassicLink Mirror uses Amazon CloudWatch and AWS Lambda to create a set of mirrored security groups in a new VPC that you create.
  3. ClassicLink Mirror manages and maintains the mirror throughout the duration of your migration. It automatically replicates changes from your tagged EC2-Classic security groups (rules and instance memberships) to Amazon VPC.
Deploy Solution
Implementation Guide

What you'll accomplish:

Deploy a ClassicLink Mirror using AWS CloudFormation. The CloudFormation template will automatically launch and configure the components necessary to mirror and manage security group settings from EC2-Classic to Amazon VPC.

Automatically maintain a mirror throughout the duration of your migration. ClassicLink Mirror uses Amazon CloudWatch and AWS Lambda to manage security groups in the designated VPC and update the mirror each time you make a change to your EC2-Classic security groups.

What you'll need before starting:

An AWS account: You will need an AWS account to begin provisioning resources. Sign up for AWS.

Skill level: This solution is intended for IT infrastructure and networking professionals who have practical experience configuring network and security settings on the AWS cloud.

Q: Does ClassicLink Mirror make changes to my EC2-Classic resources?

ClassicLink Miirror actions are unidirectional. When you make changes to appropriately tagged EC2-Classic security groups, the solution's AWS Lambda function will replicate those changes on the Amazon VPC side. Note that ClassicLink Mirror will overwrite and update Amazon VPC security groups as necessary to maintain the mirror.

Q: How much will it cost to run the ClassicLink Mirror solution?

You are responsible for the cost of the AWS services used while running this reference deployment. AWS Lambda pricing is based on invocation count and duration. See the implementation guide for detailed information.

Q: Can I deploy the ClassicLink Mirror solution in any AWS Region?

This solution is for EC2-Classic customers and uses the AWS Lambda service. You must launch this solution in an AWS Region that supports both AWS Lambda and EC2-Classic: Asia Pacific (Tokyo) Region, EU (Ireland) Region, US East (N. Virginia) Region, US West (Oregon) Region.

Amazon VPC Documentation

ClassicLink in the Amazon VPC User Guide

Need more resources to get started with AWS? Visit the Getting Started Resource Center to find tutorials, projects and videos to get started with AWS.

Tell us what you think