You can add an ECS instance to one or more security groups based on your business needs. An ECS instance can be added to up to five security groups.

Background

A security group controls access to ECS instances. An ECS instance must belong to one or more (up to five) security groups.

Prerequisites

  • You have created an ECS instance.
  • An ECS instance of the classic network type must be added to a security group of the classic network type in the same region.
  • An ECS instance of the VPC type must be added to a security group in the same VPC.
  • If an ECS instance has been added to a security group, the new security group to which the ECS instance is to be added must be of the same type as the other security group. For more information, see Security group overview and Advanced security group overview.

Procedure

In the ECS console, you can add an ECS instance to a security group on the Instance page. You can also do it on the Network & Security > Security Groups page.

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. On the Instances page, locate the ECS instance to be added to the security group. Click Manage in the Actions column.
  4. Click Security Groups in the left-side navigation pane.
  5. Click Add to Security Group.
  6. Select the security group. If you want to add the ECS instance to multiple security groups, select a security group and then click Join multiple security groups. A selection box appears that shows the selected security groups.
  7. Click OK.

After you add an ECS instance to a security group, the security group rules automatically apply to the ECS instance.

Related APIs

You can call JoinSecurityGroup to add an ECS instance to a specified security group.

Related operations

  • You can query security groups if you want to view all security groups you have created in a region.
  • You can remove an instance from a security group if you do not want an ECS instance to belong to one or more security groups. The removed ECS instance will be isolated from other ECS instances in the security group. We recommend that you perform a full test before the remove operation to ensure that the business can run properly after the removal of the ECS instance.
  • You can delete one or more security groups if you no longer need them. After you delete a security group, its rules will also be deleted.