You can add an ECS instance to one or more security groups based on your business needs. An ECS instance can be added to a maximum of five security groups.
Prerequisites
Before you add an ECS instance to a security group, make sure that the following requirements
are met:
- An instance is created. For more information, see Create an instance by using the wizard.
- The ECS instance and the security group to which you want to add the instance are of the same network type.
- If the ECS instance already belongs to a security group, this new security group must be of the same type as the security group to which the ECS instance already belongs. For more information, see Overview and Advanced security group.
Background information
Security groups are an important means for security isolation. A security group can control access to the ECS instances in it. An ECS instance must belong to one to five security groups.
In the ECS console, you can go to the Instances page or choose
in the left-side navigation pane of the Overview page to add an ECS instance to a security group.Procedure
What to do next
- You can view all security groups you created in a region. For more information, see Query security groups.
- You can remove an instance from one or more security groups. After an ECS instance is removed from a security group, the instance is isolated from the other ECS instances in the security group. We recommend that you perform sufficient tests before you remove an ECS instance to ensure that services can run properly after the ECS instance is removed. For more information, see Remove an instance from a security group.
- You can delete one or more security groups that are no longer needed. When a security group is deleted, its rules are also deleted. For more information, see Delete security groups.