Inbound/Outbound EC2 Security rules should not be tightly controlled

    • Type: Suggestion
    • Resolution: Fixed
    • 5.7.0
    • Component/s: Elastic Bamboo
    • None

      Some customers would like to have greater control over (essentially) the firewall settings of EC2 instances (for example, IP-locking inbound rules to the location of the Bamboo server).
      Currently, Bamboo does not let them do it: it will allow only new rules; changes to existing rules (SSH, RDP, Tunnel) will be reverted.

      We should add a configuration option that would prevent Bamboo from fully controlling rules in existing groups. With this option enabled, security group rule sync would be slightly changed:

      • if the group didn't exist, inbound rules would be added as they are today.
      • if the group already existed, SSH and RDP settings wouldn't be touched.
      • if the group already existed, tunnel port rule would have to exist, but could be IP-locked. An IP-locked rule would be logged at DEBUG level.
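
The sync behaviour described above, with and without the proposed option, modelled as an added example that is not Bamboo's own code. The tunnel port value, the 0.0.0.0/0 default source, re-adding a missing tunnel rule with that default, and the names `plan_sync` and `relaxed` are assumptions made for this sketch.

```python
import logging

log = logging.getLogger("sg_sync")

ANY = "0.0.0.0/0"   # assumed default source for the managed rules
SSH, RDP = 22, 3389
TUNNEL = 26224      # assumed tunnel port; the page does not state it


def plan_sync(existing, relaxed, tunnel_port=TUNNEL):
    """Plan changes for one security group as (action, port, cidr) tuples.

    existing: None if the group does not exist yet, else {port: set of CIDRs}
    relaxed:  True when the proposed option is enabled
    """
    managed = (SSH, RDP, tunnel_port)
    if existing is None:
        # New group: inbound rules are added as they are today, in both modes.
        return [("authorize", port, ANY) for port in managed]

    plan = []
    for port in managed:
        cidrs = existing.get(port, set())
        if relaxed and port in (SSH, RDP):
            continue  # SSH and RDP settings are not touched
        if relaxed and cidrs:
            # The tunnel rule exists; an IP-locked source range is accepted.
            if cidrs != {ANY}:
                log.debug("tunnel port %d is IP-locked to %s", port, sorted(cidrs))
            continue
        # Current behaviour (or a missing tunnel rule): restore the default.
        plan += [("revoke", port, c) for c in sorted(cidrs - {ANY})]
        if ANY not in cidrs:
            plan.append(("authorize", port, ANY))
    return plan


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    # Constructed sample: SSH and tunnel locked to one address, RDP removed,
    # plus an unmanaged rule on 8080 that neither mode touches.
    locked = {22: {"203.0.113.10/32"}, TUNNEL: {"203.0.113.10/32"}, 8080: {ANY}}
    print("option on: ", plan_sync(locked, relaxed=True))
    print("option off:", plan_sync(locked, relaxed=False))
```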

            Assignee:
            Przemek Bruski
            Reporter:
            Przemek Bruski
            Votes:
            12
            Watchers:
            6
