Scenario / Questions

I have an EC2 instance running, and it belongs to a security group. If I add a new allowed connection to that security group through AWS Management Console, should that change be effective immediately? Or perhaps only after restart of the instance?

In my case, I’m trying to allow access to PostgreSQL’s default port (tcp 5432 5432 0.0.0.0/0), and I’m not sure if it’s the EC2 firewall or PostgreSQL’s settings that are refusing the connection.

Find below all possible solutions or suggestions for the above questions.

Suggestion: 1

Seems like yes (quoting AWS documentation):

You can modify rules for a group at any time. The new rules are automatically enforced for all running instances and instances launched in the future.

A simple test of disallowing access to a certain (previously accessible) port also confirmed this.

Suggestion: 2

The 'listen_addresses' directive in postgresql.conf defaults to 127.0.0.1 only.
It should be changed to listen_addresses = '*' to accept connections from 0.0.0.0/0.
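
A way to tell the two causes in the question apart from the client side, as an added example that is not part of the answers above: a security group silently drops traffic it does not allow, so the connection times out, while a host that is reachable but has nothing listening on that address answers with a reset ("connection refused"). The names probe, diagnose and VERDICTS are hypothetical, and the interpretation assumes no host firewall on the instance is rejecting the traffic itself.

```python
import errno
import socket

# Interpretation of each outcome for the setup in the question
# (assumption: no host firewall such as iptables rejects traffic on the instance).
VERDICTS = {
    "open": "TCP handshake completed: the security group allows the port and "
            "PostgreSQL is listening on this address; any remaining failure is "
            "at the PostgreSQL layer (for example pg_hba.conf or credentials).",
    "refused": "The host answered with a reset: the packet got past the security "
               "group, but nothing is listening on this address and port "
               "(check listen_addresses and that PostgreSQL is running).",
    "timeout": "No answer at all: security groups drop disallowed traffic "
               "silently, so check the inbound rule, then network ACLs and routing.",
}


def probe(host, port=5432, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


def diagnose(host, port=5432, timeout=3.0):
    """Return the outcome together with what it means for this setup."""
    result = probe(host, port, timeout)
    return result, VERDICTS.get(
        result, "No route to the host: check addressing and routing first.")


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <instance-address> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5432
    outcome, advice = diagnose(target, port)
    print(f"{target}:{port} -> {outcome}\n{advice}")
```

Run it from the machine that needs database access, once against the instance's public address and, for comparison, once on the instance itself against 127.0.0.1.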