NEW Featured eBook: AWS Cloud Cost Allocation: The Complete Guide - Download Now

How to Change Security Group in AWS EC2 Instance

To change an AWS EC2 instance’s security group, open the Amazon EC2 Console and Select “Instances.” Click “Change Security Groups” under “Actions” and select the security group to assign an instance. You can remove pre-existing security groups by choosing “Remove” then save.

Security groups control traffic within an EC2 according to preset inbound and outbound rules. They provide instance-level security, and you can apply them to one or more instances. There should be one instance associated with at least one security group.

Security groups consist of a set of rules that manage both inbound and outbound traffic on instances. Ideally, they function like virtual firewalls and should form a defense for existing instances.

AWS automatically assigns a default security group upon launching EC2 instances in Virtual Private Cloud (VPC). Security groups apply to the instances assigned by the user during launch or after creating the instance. You can either add rules to the default security group or delete them entirely.

How to Create a New Security Group

You can create a security group through the AWS Management Console. In the console, select ‘‘Security Groups” followed by the “Create Security Group” button. 

Create a default security group name and add a description saying how you intend to use the security group. A unique name helps to distinguish it from other security groups. After adding a short description, make sure you assign it to a specific VPC where it will reside.

Once you have entered the basic details, configure both inbound and outbound rules.  

Best Practices for AWS EC2 Instances’ Security Groups 

Since security groups control both incoming and outgoing traffic, make sure you assign instances to the right security groups. Here are some of security groups’ best practices:

Review Security Groups Associated with Instances

It’s best to look at each security group associated with an EC2 instance for a clear picture of what it regulates. You can check security groups for compliance, organizational policies, etc. This helps you to understand your AWS security posture.

Categorize Security Groups

Categorize security groups depending on their functions. This makes it easy to manage different connections effectively and ensures you don’t interfere with other groups when making changes.

Restrict Access to EC2 Security Groups

One of the best ways to secure sensitive information on AWS is to restrict access to EC2 security groups. This is possible through assigning Identity and Access Management (IAM) permissions and policies to security groups. Limiting access to EC2 security groups prevents insider, brute-force, and DDoS attacks.

Minimize Use of Multiple Security Groups

While you can apply multiple security groups to an EC2 instance, it’s best to minimize that. This is because there is always a risk of overlapping security rules. This is especially true when there is a change to the state of ports.

Using nOps to Audit Security Groups

You can use nOps to audit security groups and increase your organization’s security and compliance. With nOps auditing, you can identify risks and streamline your security groups for maximum security.

Schedule a Demo to start with nOps!

nOps Changesets integrates with Git and Terraform to streamline the process of identifying and fixing code related to storage optimization. This not only reduces manual work but also speeds up the process of implementing cost-saving measures.

using nOps certified integration with Amazon EventBridge, we can intelligently update configurations on resources that are not controlled by IaC. This results in up to 20% cost savings and enables organizations to enact bulk automated updates of storage, further increasing efficiency.

Seamlessly integrate with GitLab and GitHub, providing a centralized hub to manage recommendations. Empower engineers to take action, make efficient decisions, and continuously improve resource allocation.