You can add an ECS instance to one or more security groups according to your business needs. By default, an ECS instance can join up to five security groups.


Security groups are an important means for network security isolation. They are used to set network access control for one or more ECS instances. Each instance must belong to at least one security group.


  • You have created an ECS instance.
  • Classic network instances must join a security group of the classic network in the same region.
  • VPC instances must join a security group in the same VPC.


  1. Log on to the ECS console.
  2. In the left-side navigation pane, click Instances.
  3. Select a region.
  4. Select the target instance on the Instances page. Click Manage in the Actions column.
  5. Click Security Groups.
    Security Groups
  6. Click Add to Security Group.
    Add an instance to a security group
  7. Select the security group to which the instance will be added. If you need to add the instance to multiple security groups, select a security group and then click Join multiple security groups. A selection box appears that shows the selected security groups.
    Join multiple security groups
  8. Click OK.
    Confirm to join the security group

After the instance is added to a security group, the rules of that security group apply to the instance automatically.

API operations

You can use the JoinSecurityGroup interface to add an instance to a specified security group.

What to do next

  • If you want to view all the security groups that you have created under a region, you can view the security group list.
  • If you want to modify the name and description of a security group, you can modify security group attributes.
  • If you want to remove an instance from one or more security groups, you can remove an instance from a security group. If an instance is removed from a security group, it can no longer communicate with other instances in that group through the intranet. Therefore, we recommend that you test your running environment before removing the instance to ensure that your services can continue to run normally.
  • If you no longer need one or more security groups, you can delete security groups. Deleting a security group will delete all its rules.