by fbags 4524 days ago
As a simple example, if you have a moderate number of hosts in a single security group (e.g. 200+ hosts), you can expect to have intermittent communication problems between the nodes. They used to deny this was a problem.

Here's a source, since you're attacking and disbelieving everybody who doesn't love AWS: http://searchcloudcomputing.techtarget.com/news/2240203992/N...

2 comments

Asking politely phrased questions is not an "attack". I just looked through the last 30 days of his comments, and I don't see anything attack-like there.

It may or may not be the same issue, but from what I have been able to gather a modification of a security group is basically a "delete, recreate, repopulate" operation. All of our intermittent network issues could be reasonably tied back to SG modifications.

That's a different issue. This one is instances that are launched into an sg that is then left unmodified. If there are a moderate to large number of instances in that sg, intermittent network connectivity problems will ensue.

The issue you mention (where you have to treat sg's as being immutable if you want them to work reliably) is another problem with the sg's.