You can add an ECS instance to one or more security groups based on your business needs. An ECS instance can be added to a maximum of five security groups.

Prerequisites

Before you add an ECS instance to a security group, make sure that the following requirements are met:
  • An instance is created. For more information, see Create an instance by using the wizard.
  • The ECS instance and the security group to which you want to add the instance are of the same network type.
  • If the ECS instance already belongs to a security group, this new security group must be of the same type as the security group to which the ECS instance already belongs. For more information, see Overview and Advanced security group.

Background information

Security groups are an important means for security isolation. A security group can control access to the ECS instances in it. An ECS instance must belong to one to five security groups.

In the ECS console, you can go to the Instances page or choose Network & Security > Security Groups in the left-side navigation pane of the Overview page to add an ECS instance to a security group.

Procedure

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select a region.
  4. On the Instances page, find the ECS instance and click Manage in the Actions column.
  5. On the Instance Details page, click the Security Groups tab.
  6. Click Add to Security Group.
  7. In the Add to Security Group dialog box, select a security group from the drop-down list. To add the ECS instance to multiple security groups, select a security group and then click Join Multiple Security Groups. The selected security group is automatically added to the selection box that appears. Repeat this operation to add more security groups to the selection box.
    Security Grou
  8. Click OK.
    After the ECS instance is added to a security group, the security group rules in the security group automatically apply to the instance.

What to do next

  • You can view all security groups you created in a region. For more information, see Query security groups.
  • You can remove an instance from one or more security groups. After an ECS instance is removed from a security group, the instance is isolated from the other ECS instances in the security group. We recommend that you perform sufficient tests before you remove an ECS instance to ensure that services can run properly after the ECS instance is removed. For more information, see Remove an instance from a security group.
  • You can delete one or more security groups that are no longer needed. When a security group is deleted, its rules are also deleted. For more information, see Delete security groups.