Security groups provide security isolation by controlling access to and from one or more Elastic Compute Service (ECS) instances. You can add an ECS instance to one or more security groups based on your business needs. Each ECS instance must belong to at least one security group. By default, each instance can belong to up to five security groups.
Prerequisites
- An instance is created. For more information, see Create an instance by using the wizard.
- The ECS instance and the security group to which you want to add the instance are of the same network type. If the network type is Virtual Private Cloud (VPC), the security group and the ECS instance must reside in the same VPC.
- If the ECS instance already belongs to a security group, the new security group must be of the same type as the security group to which the ECS instance already belongs. For more information, see Overview.
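The prerequisites above, together with the default limit of five security groups per instance, can be checked before an add is attempted. The following Python is an added example, not Alibaba Cloud code: the record fields, the `network_type` and `group_type` values, and the sample data are all constructed for illustration.

```python
# Added example: pre-flight check for the prerequisites listed above.
# Field names and their values are hypothetical, not the ECS API format.
MAX_GROUPS = 5  # default per-instance limit stated on this page

def check_join(instance, target, groups_by_id):
    """Return the reasons `instance` cannot join `target` (empty list = OK)."""
    current = instance["group_ids"]
    if target["id"] in current:
        return ["already a member of " + target["id"]]
    problems = []
    if instance["network_type"] != target["network_type"]:
        problems.append("network type differs from the security group's")
    elif instance["network_type"] == "vpc" and instance["vpc_id"] != target["vpc_id"]:
        problems.append("instance and security group are in different VPCs")
    # Every group the instance already belongs to must share the target's type.
    current_types = {groups_by_id[g]["group_type"] for g in current}
    if current_types and current_types != {target["group_type"]}:
        problems.append("security group type differs from existing groups")
    if len(current) >= MAX_GROUPS:
        problems.append("instance already belongs to %d groups" % len(current))
    return problems

def sg(sg_id, vpc_id, group_type):
    """Build a constructed security group record in a VPC."""
    return {"id": sg_id, "network_type": "vpc", "vpc_id": vpc_id, "group_type": group_type}

# Constructed sample data.
GROUPS = {g["id"]: g for g in (
    sg("sg-a", "vpc-1", "normal"),
    sg("sg-b", "vpc-2", "normal"),
    sg("sg-c", "vpc-1", "enterprise"),
    sg("sg-d", "vpc-1", "normal"),
)}
INSTANCE = {"id": "i-1", "network_type": "vpc", "vpc_id": "vpc-1", "group_ids": ["sg-a"]}

if __name__ == "__main__":
    for sg_id in ("sg-a", "sg-b", "sg-c", "sg-d"):
        print(sg_id, check_join(INSTANCE, GROUPS[sg_id], GROUPS) or "OK")
```
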
Add an instance to one or more security groups
Perform the following steps to add an instance to one or more security groups on the Instances page.
Add one or more instances to the same security group
Perform the following steps to add one or more instances to the same security group on the Security Groups page.
What to do next
- You can view all security groups that you create within a region. For more information, see Query security groups.
- You can remove an instance from one or more security groups. After an ECS instance is removed from a security group, the instance is isolated from the other ECS instances in the security group. To ensure that services run properly after an ECS instance is removed, we recommend that you perform sufficient tests before you remove the ECS instance. For more information, see Remove an instance from a security group.
- You can delete security groups that are no longer needed. When a security group is deleted, its rules are also deleted. For more information, see Delete a security group.