How to change an EC2 Instance’s Security Group
A number of folks have asked me how to change an EC2 instance’s security group – Amazon’s documentation will tell you that “After you launch an instance in EC2-Classic, you can’t change its security groups” (from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-groups). While this is technically true, creating a new instance that is a member of the security groups you wish and attaching the previous instance’s EBS volumes is an easy way to accomplish the same thing. Instructions below.
Modifying an EC2 Instance’s Security Group:
- Note instance attributes of the EC2 instance for which you wish to modify security group membership. For example, note the instance’s availability zone, AMI, instance-type.
- Shutdown the instance.
- Create a new instance. Use the same attributes as the previous instance: the same availability zone, the same AMI, the same instance-type. Make one modification – the security groups of this new instance should reflect the desired security group configuration.
- Note the new instance ID. Ensure that both the previous and new instances are in a “shut-down” state.
- Detach volume(s) from previous instance.
- Attach volume(s) to new instance.
- Startup the new instance – you’ll find that the new instance contains all the same data and attributes as the previous instance – the only difference will be the Security Group configuration of the new instance.
If you have any questions, comments or suggestions please feel free to comment.