You can attach up to 5 security groups to an EC2 instance, which gives you the flexibility to define more rules in a manageable way.
This how-to guide will explain in detailed steps how you can attach or change security groups (sg) on an Amazon EC2 instance via the AWS Console or the AWS CLI.
Here are the steps that allow you to associate a security group with a running EC2 instance.
How to attach a security group on an Amazon EC2 instance in the AWS Console
To add a security group to an existing EC2 instance in the AWS Console, follow the 2 steps below.
1. Open the AWS Console and find the EC2 instance
Visit the EC2 service in the AWS Console and look for the EC2 instance to which you wish to attach a new security group.
2. Change security groups on the EC2 instance network
Next, you have to right-click on the EC2 instance. Click on Security and then click on the option Change security groups.
You’ll be greeted with a configuration wizard that allows you to change security groups on the running EC2 instance. At the bottom, you can see which security groups are already associated with your EC2 instance.
To attach another security group to the EC2 instance, you need to click on the dropdown menu to select an available security group and then click Add security group.
Finish the process by clicking Save and you’ll be greeted with the following message.
How to change a security group on an Amazon EC2 instance using the AWS CLI
To run AWS Command Line Interface (CLI) commands against your AWS account, you should set up the CLI tool and the required AWS profile first.
1. Show which security groups are associated with the instance
First, describe the security groups that are currently associated with the EC2 instance using the describe-instance-attribute command.
➜ aws ec2 describe-instance-attribute --instance-id i-025888f3bcbef23ef --attribute groupSet
{
    "Groups": [
        {
            "GroupName": "test-cloudNation-vpc-skeletonVPCNatSecurityGroup08D55A09-LCFW3O99AQ9G",
            "GroupId": "sg-0c35f9949d1b6f560"
        }
    ],
    "InstanceId": "i-025888f3bcbef23ef"
}
2. Modify instance attribute with the new security group
Now, in order to attach another security group to the instance, you run the following aws ec2 command in your terminal.
➜ aws ec2 modify-instance-attribute --instance-id i-025888f3bcbef23ef --groups sg-0c35f9949d1b6f560 sg-0601ef39f9e2f00f0
Note: --groups sets the instance's complete list of security groups, so make sure to also specify the security group ID that is already associated with your instance; otherwise it will be removed.
Basically, the command allows you to add multiple security groups to an instance.
When you run the describe-instance-attribute command again, you should see two security groups associated with the EC2 instance.
➜ aws ec2 describe-instance-attribute --instance-id i-025888f3bcbef23ef --attribute groupSet
{
    "Groups": [
        {
            "GroupName": "test-cloudNation-vpc-skeletonVPCNatSecurityGroup08D55A09-LCFW3O99AQ9G",
            "GroupId": "sg-0c35f9949d1b6f560"
        },
        {
            "GroupName": "default",
            "GroupId": "sg-0601ef39f9e2f00f0"
        }
    ],
    "InstanceId": "i-025888f3bcbef23ef"
}
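The read, merge and write-back sequence from steps 1 and 2, as an added shell example that is not part of the original guide: merge_groups and attach_sg are hypothetical helper names, and the limit of 5 is the one stated at the top of this guide. It reads the current group IDs with the CLI's --query and --output text options, appends the new ID without dropping or duplicating existing ones, and refuses to exceed the limit.

```shell
#!/bin/sh
# Added example (not from the original guide): append a security group
# without silently detaching the ones already on the instance.
MAX_GROUPS=5   # limit as stated in this guide

# merge_groups "<current ids, whitespace separated>" <new id>
# Prints the complete, de-duplicated list to hand to --groups.
merge_groups() {
    current=$1
    new=$2
    case $new in
        sg-?*) ;;
        *) echo "not a security group id: $new" >&2; return 2 ;;
    esac
    merged=""
    count=0
    for id in $current $new; do
        case " $merged " in
            *" $id "*) continue ;;   # already in the list, skip the duplicate
        esac
        merged="${merged:+$merged }$id"
        count=$((count + 1))
    done
    if [ "$count" -gt "$MAX_GROUPS" ]; then
        echo "refusing: $count groups would exceed the limit of $MAX_GROUPS" >&2
        return 1
    fi
    printf '%s\n' "$merged"
}

# attach_sg <instance-id> <new sg id>
# Step 1: read the current set. Step 2: write the merged set back.
attach_sg() {
    instance=$1
    current=$(aws ec2 describe-instance-attribute --instance-id "$instance" \
        --attribute groupSet --query 'Groups[].GroupId' --output text) || return 1
    merged_ids=$(merge_groups "$current" "$2") || return 1
    # Word splitting is intentional here: one argument per group ID.
    # shellcheck disable=SC2086
    aws ec2 modify-instance-attribute --instance-id "$instance" --groups $merged_ids
}
```

Source the file and run attach_sg i-025888f3bcbef23ef sg-0601ef39f9e2f00f0 to reproduce the change shown above; if the describe call fails, nothing is modified.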
Conclusion
This guide has shown how to associate another security group with a running EC2 instance using the AWS CLI method or the AWS Console method.