You can remove instances from security groups. When an ECS instance is removed from a security group, the instance is isolated from all the other ECS instances in the security group. We recommend that you perform tests in advance to ensure that services can continue to run properly after the instance is removed from the security group.

Prerequisites

The target instance is added to two or more security groups.

Background information

You can use one of the following methods to remove instances from a security group:

Remove a specific instance

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select a region.
  4. On the Instances page, find the instance to be removed from a security group, and click Manage in the Actions column.
  5. In the left-side navigation pane, click Security Groups.
  6. Find the security group from which you want to remove the instance, and click Remove in the Actions column.
  7. In the Remove from Security Group message, click OK.

Remove multiple instances

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. On the Security Groups page, find the security group from which you want to remove instances, and click the security group ID.
  5. In the left-side navigation pane, click Instances in Security Group.
  6. Select one or more instances, and click Remove from Security Group.
  7. In the Remove ECS Instance from Security Group message, click OK.