Changing an EC2 Instance’s Security Group

How to change an EC2 Instance’s Security Group

A number of folks have asked me how to change an EC2 instance’s security group. Amazon’s documentation will tell you that “After you launch an instance in EC2-Classic, you can’t change its security groups” (from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-groups). While this is technically true, you can accomplish the same thing by creating a new instance that is a member of the security groups you want and attaching the previous instance’s EBS volumes to it. Instructions below.

Modifying an EC2 Instance’s Security Group:

  1. Note the attributes of the EC2 instance whose security group membership you wish to modify. For example, note the instance’s availability zone, AMI and instance type.
  2. Shut down the instance.
  3. Create a new instance. Use the same attributes as the previous instance: the same availability zone, the same AMI, the same instance type. Make one modification: the security groups of this new instance should reflect the desired security group configuration.
  4. Note the new instance ID. Ensure that both the previous and new instances are in a “shut-down” state.
  5. Detach the volume(s) from the previous instance.
  6. Attach the volume(s) to the new instance.
  7. Start up the new instance. You’ll find that the new instance contains all the same data and attributes as the previous instance. The only difference will be the Security Group configuration of the new instance.
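
The seven steps above as a boto3 script. This is an added example, not code from the original post. It assumes an EBS-backed instance and security group IDs as input; the function name `move_to_security_groups` is hypothetical, and the check that the new instance's groups match the requested ones before any volume is moved is an addition.

```python
def move_to_security_groups(ec2, old_id, group_ids):
    """Rebuild old_id with group_ids, move its EBS volumes, return the new ID."""
    def describe(iid):
        res = ec2.describe_instances(InstanceIds=[iid])
        return res["Reservations"][0]["Instances"][0]

    def ebs_volumes(inst):  # {device name: volume ID}
        return {m["DeviceName"]: m["Ebs"]["VolumeId"]
                for m in inst.get("BlockDeviceMappings", []) if "Ebs" in m}

    def stop(iid):
        ec2.stop_instances(InstanceIds=[iid])
        ec2.get_waiter("instance_stopped").wait(InstanceIds=[iid])

    def detach(iid, volume_ids):
        for vol in volume_ids:
            ec2.detach_volume(VolumeId=vol, InstanceId=iid)
        if volume_ids:
            ec2.get_waiter("volume_available").wait(VolumeIds=volume_ids)

    old = describe(old_id)                          # step 1
    stop(old_id)                                    # step 2
    new_id = ec2.run_instances(                     # step 3
        ImageId=old["ImageId"], InstanceType=old["InstanceType"],
        Placement={"AvailabilityZone": old["Placement"]["AvailabilityZone"]},
        SecurityGroupIds=list(group_ids), MinCount=1, MaxCount=1,
    )["Instances"][0]["InstanceId"]
    ec2.get_waiter("instance_running").wait(InstanceIds=[new_id])
    stop(new_id)                                    # step 4
    new = describe(new_id)
    # Check before touching any volume: the new instance has exactly the intended groups.
    if {g["GroupId"] for g in new["SecurityGroups"]} != set(group_ids):
        raise RuntimeError(f"{new_id} security groups differ from {group_ids}")
    volumes = ebs_volumes(old)
    # Not in the steps above: volumes the AMI created on the new instance hold
    # the device names the old volumes need, so they are detached first.
    detach(new_id, [v for d, v in ebs_volumes(new).items() if d in volumes])
    detach(old_id, list(volumes.values()))          # step 5
    for device, vol in volumes.items():             # step 6
        ec2.attach_volume(VolumeId=vol, InstanceId=new_id, Device=device)
    if volumes:
        ec2.get_waiter("volume_in_use").wait(VolumeIds=list(volumes.values()))
    ec2.start_instances(InstanceIds=[new_id])       # step 7
    return new_id

if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed, AWS credentials and region configured
    # usage: python move_sg.py <instance-id> <sg-id> [<sg-id> ...]
    print(move_to_security_groups(boto3.client("ec2"), sys.argv[1], sys.argv[2:]))
```

The volumes detached from the new instance and the old instance itself are left in place, so confirm the new instance boots and has the intended group membership before deleting them.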

If you have any questions, comments or suggestions please feel free to comment.
