How to add a security group to a running EC2 Instance?

Solution 1:

Update: As of January 2014, you can now change security groups for running AWS EC2 instances.

AWS Console

Simply right-click on an instance, and click on Change Security Group.

Add/remove security groups as appropriate and click Assign Security Groups when done.

EC2 Command Line

Use the following command:

ec2-modify-instance-attribute <instance-id> --group-id <group-id>

AWS Command Line

Use the following command:

aws ec2 modify-instance-attribute --instance-id i-12345 --groups sg-12345 sg-67890

Note, you must specify all security groups with which you'd like the instance associated.
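
Because `--groups` replaces the instance's whole set of security groups, adding one group safely means reading the current set first and sending it back with the new group appended. The sketch below is an added example, not part of the original answer; the function names `merge_groups` and `add_security_group` are hypothetical, and it assumes the AWS CLI is installed and configured with credentials for the instance's region.

```shell
#!/bin/sh
# Added example: append one security group to a running instance without
# dropping the groups it already has (function names are hypothetical).

# merge_groups NEW CURRENT...
# Prints CURRENT plus NEW as one space-separated list, order kept, no duplicates.
merge_groups() (
    new=$1; shift
    out=
    for g in "$@" "$new"; do
        case " $out " in
            *" $g "*) ;;                      # already listed, skip
            *) out="${out:+$out }$g" ;;
        esac
    done
    printf '%s\n' "$out"
)

# add_security_group INSTANCE_ID GROUP_ID
add_security_group() (
    instance=$1 new=$2
    # Read the groups currently attached (text output is tab-separated).
    current=$(aws ec2 describe-instances --instance-ids "$instance" \
        --query 'Reservations[].Instances[].SecurityGroups[].GroupId' \
        --output text) || return 1
    # shellcheck disable=SC2086  # word splitting on the ID list is intended
    set -- $current
    if [ $# -eq 0 ]; then
        # Refuse to continue: sending only the new group would detach the rest.
        echo "could not read current groups for $instance" >&2
        return 1
    fi
    merged=$(merge_groups "$new" "$@")
    if [ "$merged" = "$*" ]; then
        echo "$instance already has $new; nothing to change"
        return 0
    fi
    # Send the full list: existing groups plus the new one.
    # shellcheck disable=SC2086
    aws ec2 modify-instance-attribute --instance-id "$instance" --groups $merged
)

# Usage: add_security_group i-12345 sg-67890
```
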

Solution 2:

Update 2015-02-27:

This is now possible, see the answer below.

Old reply:

Amazon's FAQ says it's not possible to define a security group anywhere but at launch time.


Solution 3:

It is now possible to do this. Click on the actions menu and Change Security Groups - Select the Security Groups you would like to use.


Solution 4:

  1. Create an AMI image from the instance you want to move to a different security group.
  2. Launch a new instance using that image; now we can assign this new instance to a different security group.
  3. Discard the previous instance.

This requires downtime on your instance. There may be some other options available using the API.


Solution 5:

As towo said, you can't change a security group of an instance anywhere but launch time.

Unless you are using a VPC where security groups differ from EC2 security groups.

This page outlines the differences between EC2 and VPC security groups.

http://docs.amazonwebservices.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

So if you require the extra functionality of the VPC groups (changing groups, controlling ingress/egress traffic, etc.), you may want to look at the additional functionality provided by VPCs.