Use of Heroku AWS security group and account id no longer recommended

Change effective on 24 October 2013

Previously, Heroku recommended using our AWS security group and AWS account ID to grant apps access to other services running on AWS. Example use cases were:

  • Using AWS RDS with a Heroku app
  • Sending Heroku app logs to a Syslog server running on AWS EC2
  • Accessing other services running on AWS from Heroku apps

This approach is no longer recommended and the relevant documentation has been removed. Reasons for no longer recommending this include:

  • Cross-security grants don’t work with AWS VPC (which is now the default on AWS)
  • It’s not safe because it grants access to all apps running on Heroku, not just yours
  • Doesn’t work across AWS regions
  • Heroku may in the future run apps in a VPC or in a different region or use a different AWS account

If you are using Heroku with a AWS RDS database, we recommend using SSL to secure database connections. Find links and details in the Amazon RDS Dev Center article.