How to attach or change a security group on an EC2 instance


You can attach up to 5 security groups to an EC2 instance, which gives you the flexibility to define more rules in a manageable way.

This how-to guide explains step by step how to attach or change security groups (sg) on an Amazon EC2 instance via the AWS Console or the AWS CLI.

Here are the steps that allow you to associate a security group to a running EC2 instance.

How to attach a security group on an Amazon EC2 instance in the AWS Console

To add a security group to an existing EC2 instance in the AWS Console, follow the 2 steps below.

1. Open the AWS Console and find the EC2 instance

Visit the EC2 service in the AWS Console and look for the EC2 instance you wish to attach a new security group to.

List instances on the EC2 service in the AWS Console

2. Change security groups on the EC2 instance network

Next, you have to right-click on the EC2 instance. Click on Security and then click on the option Change security groups.

You’ll be greeted with a configuration wizard that allows you to change security groups on the running EC2 instance. At the bottom, you can see which security groups are already associated with your EC2 instance.

To attach another security group to the EC2 instance, you need to click on the dropdown menu to select an available security group and then click Add security group.

Attach another security group to an Amazon EC2 instance

Finish the process by clicking Save and you’ll be greeted with the following message.

Security groups for eni-0a55d9aef825f1d97 changed successfully

How to change a security group on an Amazon EC2 instance using the AWS CLI

To run commands against your AWS account with the AWS Command Line Interface (CLI), first set up the CLI tool and the required AWS profile.

1. Show which security groups are associated with the instance

First, describe the security groups that are currently associated with the EC2 instance using the describe-instance-attribute command.

➜ aws ec2 describe-instance-attribute --instance-id i-025888f3bcbef23ef --attribute groupSet
{
    "Groups": [
        {
            "GroupName": "test-cloudNation-vpc-skeletonVPCNatSecurityGroup08D55A09-LCFW3O99AQ9G",
            "GroupId": "sg-0c35f9949d1b6f560"
        }
    ],
    "InstanceId": "i-025888f3bcbef23ef"
}

2. Modify instance attribute with the new security group

To attach another security group to the instance, run the following aws ec2 command in your terminal.

➜ aws ec2 modify-instance-attribute --instance-id i-025888f3bcbef23ef --groups sg-0c35f9949d1b6f560 sg-0601ef39f9e2f00f0

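Note: make sure to also specify the ID of every security group that is already associated with your instance, otherwise it will be removed. The --groups option replaces the instance's whole set of security groups with the list you pass, which is also why a single command can attach multiple security groups to an instance.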

When you run the describe-instance-attribute command again, you should see two security groups associated with the EC2 instance.

➜ aws ec2 describe-instance-attribute --instance-id i-025888f3bcbef23ef --attribute groupSet
{
    "Groups": [
        {
            "GroupName": "test-cloudNation-vpc-skeletonVPCNatSecurityGroup08D55A09-LCFW3O99AQ9G",
            "GroupId": "sg-0c35f9949d1b6f560"
        },
        {
            "GroupName": "default",
            "GroupId": "sg-0601ef39f9e2f00f0"
        }
    ],
    "InstanceId": "i-025888f3bcbef23ef"
}
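
Because --groups overwrites the whole list, a read-merge-write wrapper avoids silently dropping a group that was already attached. The following is an added example, not part of the original guide; the function names merged_groups and attach_sg are hypothetical, and it assumes the AWS CLI is installed and configured.

```shell
#!/bin/sh
# Added example: additive attach, since --groups replaces the whole set.
MAX_GROUPS=5   # per-instance limit as stated in this guide

# merged_groups "<current IDs, whitespace separated>" <new ID>
# Prints the current IDs plus the new one, without duplicates.
merged_groups() (
  current=$1 new=$2 out="" count=0
  # Reject anything that is not sg-<hex>, so a typo never reaches the API.
  case "${new#sg-}" in
    "$new" | "" | *[!0-9a-f]*)
      echo "invalid security group id: $new" >&2; return 2 ;;
  esac
  for id in $current $new; do
    case " $out " in *" $id "*) continue ;; esac   # skip duplicates
    out="${out:+$out }$id"
    count=$((count + 1))
  done
  if [ "$count" -gt "$MAX_GROUPS" ]; then
    echo "would exceed $MAX_GROUPS security groups" >&2; return 3
  fi
  printf '%s\n' "$out"
)

# attach_sg <instance-id> <sg-id>: read the current set, merge, write it back.
attach_sg() (
  instance=$1 new=$2
  current=$(aws ec2 describe-instance-attribute --instance-id "$instance" \
      --attribute groupSet --query 'Groups[].GroupId' --output text) || return 1
  groups=$(merged_groups "$current" "$new") || return $?
  # $groups is intentionally unquoted: one argument per group ID.
  aws ec2 modify-instance-attribute --instance-id "$instance" --groups $groups
)
```

Source the file and call attach_sg i-025888f3bcbef23ef sg-0601ef39f9e2f00f0 to get the same end state as the commands above without listing the existing group by hand.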

Conclusion

This guide has shown how to associate another security group to a running EC2 instance using the AWS CLI method or the AWS Console method.


Danny Steenman
