
How to Add a Security Group to an EC2 Instance?


Amazon Elastic Compute Cloud (EC2) provides scalable computing capacity in the AWS cloud, making it easier for developers to build and run applications. One of the most critical aspects of managing EC2 instances is keeping them secure. Security groups in AWS act as a virtual firewall for your instance, controlling inbound and outbound traffic.

Introduction

A security group is a virtual firewall for your EC2 instances that controls inbound and outbound traffic. When you launch an instance, you can assign it one or more security groups. Every instance in your VPC (Virtual Private Cloud) is associated with at least one security group, and the rules defined in those groups determine which traffic is allowed to reach the instance.

Security groups are stateful: if an inbound request is allowed, the response traffic is automatically allowed out regardless of the outbound rules, and the replies to an allowed outbound request are likewise let back in. You only ever need to allow the initiating direction, which keeps rule sets small. Security groups are also allow-only: there are no deny rules, and anything not explicitly allowed is silently dropped.

Creating a Security Group   

Before adding a security group to an EC2 instance, you need to create the security group with the desired rules. You can do this in the AWS Management Console.


1. Open the Amazon EC2 console. 

Go to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.


2. Navigate to Security Groups  

Choose "Security Groups" in the navigation pane under the "Network & Security" section.


3. Create a Security Group  

Click the "Create security group" button. Give the security group a name and a description. The name should be descriptive enough to identify its purpose at a glance. Select the VPC in which the security group will reside; a security group only applies to instances in that VPC.


4. Add Inbound Rules 

Click "Add rule" in the "Inbound rules" section. Choose the type of traffic you want to allow (e.g., SSH, HTTP, HTTPS), which fills in the protocol and port range, or set them manually. Then enter the source: a single IP address (written as a /32 CIDR), a CIDR range, or another security group. Prefer the narrowest source that works; 0.0.0.0/0 means the entire internet.

5. Add Outbound Rules (Optional)

By default, a new security group allows all outbound traffic. If necessary, you can restrict this by adding specific outbound rules, following the same process as for inbound rules.

6. Create Security Group 

Once you have configured your rules, click the "Create security group" button. After creating the security group, you can add it to an existing EC2 instance.


How to Add a Security Group to an EC2 Instance using the AWS Management Console

1. Open the Amazon EC2 console. 

Navigate to the EC2 console at https://console.aws.amazon.com/ec2/.

2. Select Instances.  

In the navigation pane,  choose "Instances."   

3. Select Your Instance.  

Find the instance to which you want to add the security group and select the checkbox next to it.

4. Manage Security Groups  

Click the "Actions" button, open the "Networking" submenu ("Security" in the current console), and select "Change Security Groups." The dialog that opens lists all security groups currently associated with the instance.

5. Add the Security Group. 

Select the security group you created earlier from the list and add it. To remove an existing security group, deselect it (or remove it from the list). Click "Assign Security Groups" ("Save" in the current console) to apply the changes. The instance is left with exactly the groups listed at that moment, so make sure every group it still needs is included.

How to Add a Security Group to an EC2 Instance using the AWS CLI

Step 1: Install and configure the AWS CLI

https://aws.amazon.com/cli/

Run aws configure with credentials that are allowed ec2:DescribeInstances and ec2:ModifyInstanceAttribute.

Step 2: Get the security groups currently associated with the instance

aws ec2 describe-instances --instance-ids i-1234567890abcdef0 \
  --query "Reservations[].Instances[].SecurityGroups[].GroupId" --output text

Step 3: Set the instance's security groups to the existing ones plus the new one

The --groups option replaces the instance's entire set of security groups rather than appending to it. List every group the instance should keep (here sg-12345678, from Step 2) together with the new one (sg-87654321); any group you leave out is detached.

aws ec2 modify-instance-attribute --instance-id i-1234567890abcdef0 --groups sg-12345678 sg-87654321
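The create-and-attach procedure above, carried out with the boto3 EC2 client API instead of the CLI, as an added example that is not part of the original article; it also handles several instances at once, which the "multiple EC2 instances" section further down does with a loop. The describe_instances, create_security_group, authorize_security_group_ingress and modify_instance_attribute calls are real boto3 client methods. The FakeEC2 class, the sg-fake... IDs it returns and the admin CIDR 203.0.113.10/32 are constructed for an offline run; i-1234567890abcdef0, sg-12345678 and vpc-123456 are the article's own placeholders.

```python
"""Create a least-privilege SSH security group and attach it to instances
without dropping the groups they already have (added example; not code from
the original article). The calls mirror the boto3 EC2 client API, so passing
boto3.client("ec2") as `ec2` runs it for real. FakeEC2 is a constructed
stand-in so the script runs offline; the admin CIDR 203.0.113.10/32 and the
sg-fake... IDs it hands out are made up for the demonstration.
"""
import ipaddress


def merge_group_ids(existing, new):
    """Union of two lists of group IDs, keeping first-seen order."""
    merged = list(existing)
    for gid in new:
        if gid not in merged:
            merged.append(gid)
    return merged


def current_group_ids(ec2, instance_id):
    """Security group IDs currently attached to the instance."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    for reservation in resp["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["InstanceId"] == instance_id:
                return [g["GroupId"] for g in inst["SecurityGroups"]]
    raise ValueError(f"instance {instance_id} not found")


def create_admin_ssh_group(ec2, vpc_id, admin_cidr, name="admin-ssh"):
    """Create a group whose only inbound rule is tcp/22 from admin_cidr."""
    if ipaddress.ip_network(admin_cidr).prefixlen == 0:   # 0.0.0.0/0 or ::/0
        raise ValueError("refusing to open SSH to the whole internet")
    gid = ec2.create_security_group(
        GroupName=name, Description="SSH from the admin network only", VpcId=vpc_id
    )["GroupId"]
    ec2.authorize_security_group_ingress(
        GroupId=gid,
        IpPermissions=[{
            "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": admin_cidr, "Description": "admin SSH"}],
        }],
    )
    return gid


def attach_group(ec2, instance_ids, group_id):
    """Attach group_id to every instance. ModifyInstanceAttribute(Groups=...)
    REPLACES the instance's whole set, so the existing groups are re-sent too."""
    result = {}
    for iid in instance_ids:
        groups = merge_group_ids(current_group_ids(ec2, iid), [group_id])
        ec2.modify_instance_attribute(InstanceId=iid, Groups=groups)
        result[iid] = groups
    return result


class FakeEC2:
    """Constructed in-memory stand-in for boto3's EC2 client (offline demo only)."""

    def __init__(self, instances):
        self.instances = instances   # {instance_id: [group_id, ...]}
        self.rules = {}              # {group_id: [IpPermission, ...]}
        self._count = 0

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [
            {"InstanceId": i, "SecurityGroups": [{"GroupId": g} for g in self.instances[i]]}
            for i in InstanceIds]}]}

    def create_security_group(self, GroupName, Description, VpcId):
        self._count += 1
        gid = f"sg-fake{self._count:04d}"      # made-up ID
        self.rules[gid] = []
        return {"GroupId": gid}

    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self.rules[GroupId].extend(IpPermissions)
        return {"Return": True}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.instances[InstanceId] = list(Groups)
        return {}


def demo():
    """Run the procedure offline against the article's placeholder IDs."""
    ec2 = FakeEC2({"i-1234567890abcdef0": ["sg-12345678"]})
    new_sg = create_admin_ssh_group(ec2, "vpc-123456", "203.0.113.10/32")
    return attach_group(ec2, ["i-1234567890abcdef0"], new_sg)


if __name__ == "__main__":
    print(demo())   # {'i-1234567890abcdef0': ['sg-12345678', 'sg-fake0001']}
```

To run it against an account, pass boto3.client("ec2") in place of FakeEC2; the caller then needs ec2:DescribeInstances, ec2:CreateSecurityGroup, ec2:AuthorizeSecurityGroupIngress and ec2:ModifyInstanceAttribute. The merge step is the part that matters: sending only the new group ID would silently detach every other group from the instance.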

Verifying Security Group Changes   

Once you have added the security group to your EC2 instance, verify that the change has been applied and that the intended traffic, and only that traffic, is allowed. Here are some ways to check:

1. Check the Instance Details 

Go to the "Instances" page in the EC2 console, select your instance, and open the "Security" tab (the "Description" tab in the older console) to see the associated security groups and their effective inbound and outbound rules.

2. Test Connectivity

Depending on the regulations you added, try connecting to your instance. For illustration, if you added an SSH rule, try SSHing into your instance. If you added HTTP or HTTPS rules, try accessing the web server running on your case.   

3. Monitor Traffic

Enable VPC Flow Logs on the instance's network interface (or the whole VPC) and publish them to CloudWatch Logs. Flow logs record each connection as ACCEPT or REJECT, so you can confirm that allowed traffic is reaching the instance, see what the security group is dropping, spot unexpected traffic patterns, and tighten rules that turn out to be wider than needed.
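A detection pass over flow-log records, as an added example that is not from the original article: it parses default-format VPC Flow Log lines and reports the two things a security group owner cares about, SSH connections that were ACCEPTed from outside the intended admin range (the rule is too wide) and sources with repeated REJECTed SSH attempts (the rule held, but the host is being probed). The log lines, the 10.0.1.5 instance address, the eni-0123456789abcdef0 interface ID and ADMIN_CIDR are all constructed for the example.

```python
"""Scan VPC Flow Log records for SSH traffic that contradicts the security
group's intent (added example; not code from the original article). SAMPLE_LOG
is constructed in the default flow-log format (version 2, 14 space-separated
fields) with made-up addresses and IDs; ADMIN_CIDR is an assumed allowed source.
"""
import ipaddress
from collections import Counter

# Field order of the default flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
TCP = "6"
ADMIN_CIDR = ipaddress.ip_network("203.0.113.0/24")  # assumed: only source allowed to SSH

SAMPLE_LOG = """\
2 123456789012 eni-0123456789abcdef0 203.0.113.10 10.0.1.5 51122 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.5 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.5 40002 22 6 1 60 1700000010 1700000070 REJECT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.5 40003 22 6 1 60 1700000020 1700000080 REJECT OK
2 123456789012 eni-0123456789abcdef0 192.0.2.44 10.0.1.5 55555 22 6 12 2100 1700000030 1700000090 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 192.0.2.99 10.0.1.5 33333 80 6 9 1200 1700000030 1700000090 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000030 1700000090 - NODATA
"""


def parse_flow_log(text):
    """Turn raw log text into dicts; drop malformed lines and NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            records.append(rec)
    return records


def ssh_findings(records, allowed=ADMIN_CIDR, reject_threshold=3):
    """Return (accepted_from_outside, noisy_rejecters).

    accepted_from_outside: sources that completed SSH connections although they
    are not in `allowed`, i.e. the security group rule is wider than intended.
    noisy_rejecters: sources with at least reject_threshold dropped SSH attempts;
    the rule held, but the instance is being probed."""
    accepted_outside = set()
    rejects = Counter()
    for r in records:
        if r["dstport"] != "22" or r["protocol"] != TCP:
            continue
        src = ipaddress.ip_address(r["srcaddr"])
        if r["action"] == "ACCEPT" and src not in allowed:
            accepted_outside.add(r["srcaddr"])
        elif r["action"] == "REJECT":
            rejects[r["srcaddr"]] += 1
    noisy = {ip: n for ip, n in rejects.items() if n >= reject_threshold}
    return sorted(accepted_outside), noisy


def demo():
    return ssh_findings(parse_flow_log(SAMPLE_LOG))


if __name__ == "__main__":
    outside, noisy = demo()
    print("SSH accepted from outside the admin range:", outside)  # ['192.0.2.44']
    print("sources with repeated rejected SSH attempts:", noisy)  # {'198.51.100.7': 3}
```

In practice the same logic runs over lines fetched from the CloudWatch Logs group the flow log publishes to, or as a CloudWatch Logs Insights query; the ACCEPT-from-outside finding is the one that should page someone, because it means the rule is not what the previous step assumed.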

How to Create an AWS Security Group Using Terraform

Prerequisites

  • Terraform installed on your machine
  • AWS CLI configured with appropriate IAM permissions
  • Basic understanding of Terraform and AWS security groups

Step-by-Step Guide

Step 1: Create a Terraform Configuration File

mkdir terraform-security-group
cd terraform-security-group
touch main.tf

Step 2: Define the Provider

Add the following to main.tf:

provider "aws" {
  region = "us-east-1"  # Replace with your desired region
}

Step 3: Create the Security Group

resource "aws_security_group" "example" {
  name        = "example-sg"
  description = "Example security group"
  vpc_id      = "vpc-123456"  # Replace with your VPC ID

  # Public HTTP: a 0.0.0.0/0 source is appropriate for a web port.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH: 0.0.0.0/0 is used here only to keep the example short. In practice
  # restrict this to your admin network (see Best Practices below), e.g. a /32.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outbound traffic. AWS adds this rule to a new group by default,
  # but Terraform removes that default, so it must be declared explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "example-sg"
  }
}

With the provider and resource blocks saved in main.tf, initialize the working directory.

Step 4: Initialize Terraform

terraform init

Step 5: Plan the Deployment

terraform plan

Step 6: Apply the Configuration

terraform apply

Step 7: Verify the Security Group

Confirm the new group in the EC2 console under Security Groups (or with terraform state show aws_security_group.example) and check that its inbound rules match what you defined.

How to add security groups to multiple EC2 instances?

Using AWS CLI

Step 1: List Instances

aws ec2 describe-instances --query "Reservations[*].Instances[*].InstanceId" --output text

Step 2: Modify Each Instance

Run modify-instance-attribute once per instance. Because --groups replaces an instance's full set of security groups, the loop below leaves each instance with only sg-12345678; if the instances must keep other groups, list those IDs alongside it.

for id in i-1234567890abcdef0 i-0abcd1234efgh5678; do
  aws ec2 modify-instance-attribute --instance-id "$id" --groups sg-12345678
done

Using Terraform

Step 1: Open your main.tf file

Step 2: Define Instances

resource "aws_instance" "example" {
  count         = 3  # Number of instances to create
  ami           = "ami-0c55b159cbfafe1f0"  # Replace with your desired AMI ID
  instance_type = "t2.micro"

  # Reference the group by ID. The name-based `security_groups` argument only
  # works in the default VPC, so use vpc_security_group_ids for instances in a
  # VPC. The instances must be launched into a subnet of the same VPC as the
  # group (set subnet_id accordingly).
  vpc_security_group_ids = [aws_security_group.example.id]

  tags = {
    Name = "example-instance-${count.index}"
  }
}

Step 3: Apply Configuration

terraform init

terraform plan

terraform apply

Best Practices for Security Groups   

Managing security groups effectively is critical for maintaining the security of your EC2 instances. Here are some best practices to follow:

1. Principle of Least Privilege 

Only allow the traffic that is actually needed. Avoid overly permissive rules, such as allowing all IP addresses (0.0.0.0/0 or ::/0), unless the service is genuinely public. A 0.0.0.0/0 source on a management port such as 22 or 3389 exposes the instance to the entire internet.

2. Use Descriptive Names and Tags  

Use clear, descriptive names and tags for your security groups. This makes it easier to identify their purpose and manage them effectively.

3. Regularly Review Security Groups 

Periodically review your security groups and their rules to ensure they are still necessary and follow best practices. Remove rules that are no longer needed and delete groups that are no longer attached to anything.

4. Limit SSH Access

Restrict SSH access to specific IP addresses rather than allowing global access. Consider using a VPN or a bastion host, or AWS Systems Manager Session Manager, which needs no inbound SSH rule at all.

5. Use AWS Security Groups in Combination with NACLs 

Network ACLs (Access Control Lists) provide an additional, stateless layer of filtering at the subnet level. Use them in conjunction with security groups for defense in depth; unlike security groups, NACLs can also express explicit deny rules.

6. Monitor and Audit Security Group Changes

Enable AWS CloudTrail to log every API call that changes security groups (for example AuthorizeSecurityGroupIngress, RevokeSecurityGroupIngress and ModifyInstanceAttribute). This allows you to review changes and identify any unauthorized modifications.

Real-world Scenarios

Web Server
  Inbound: allow HTTP (port 80) and HTTPS (port 443) from anywhere.

SSH Access for Administration
  Inbound: allow SSH (port 22) only from specific IP addresses (e.g., the office IP).

Database Server
  Inbound: allow MySQL (port 3306) or PostgreSQL (port 5432) only from specific VPC subnets, or better, from the application server's security group.

Load Balancer
  Inbound: allow HTTP/HTTPS from anywhere; outbound to the web servers on their service ports.

Application Server
  Inbound: allow traffic only from the load balancer's security group; outbound to the database.

Internal Services (e.g., Redis, Memcached)
  Inbound: allow traffic only from the application's security group.

Automating Security Group Management   

Manually managing security groups can be cumbersome in larger environments or more complex setups. AWS provides several tools and services to automate the management of security groups:

1. AWS CloudFormation 

Use CloudFormation templates (or Terraform, as shown above) to define and manage your security groups as code. This allows you to version-control your infrastructure, review rule changes before they are applied, and automate deployments.

2. AWS Config

AWS Config continuously monitors and records your AWS resource configurations and lets you evaluate the recorded configurations against the configurations you want. Use AWS Config rules (for example the managed rule restricted-ssh, which flags groups that allow unrestricted inbound SSH) to ensure that security groups comply with your organization's security policies.

3. AWS Lambda 

Create Lambda functions to automate security group management tasks, such as automatically removing overly permissive rules or adding rules in response to particular events (for instance an AWS Config non-compliance notification or a CloudTrail event delivered through EventBridge).
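What such a Lambda can look like, as an added example that is not code from the original article: it finds inbound rules that let 0.0.0.0/0 or ::/0 reach tcp/22, including all-traffic (-1) rules, and revokes only the offending CIDR entries so that legitimate sources in the same rule are kept. The describe_security_groups and revoke_security_group_ingress calls are the real boto3 EC2 client methods; FakeEC2, SAMPLE_GROUPS and every group ID and CIDR in them are constructed so the script runs offline.

```python
"""Find and revoke security group rules that expose SSH (tcp/22) to the whole
internet, shaped as an AWS Lambda handler (added example; not code from the
original article). FakeEC2 and SAMPLE_GROUPS are constructed for an offline
run; every group ID and CIDR in them is made up.
"""
import copy

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
SSH_PORT = 22


def rule_covers_port(perm, port):
    """True if an IpPermission matches `port` over TCP, or is an all-traffic rule."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                 # all traffic: AWS omits FromPort/ToPort here
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def open_ssh_permissions(group):
    """IpPermission fragments to revoke: one per world-open CIDR reaching SSH.
    Only the offending CIDR is named, so other sources in the rule survive."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not rule_covers_port(perm, SSH_PORT):
            continue
        base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        for r in perm.get("IpRanges", []):
            if r["CidrIp"] in OPEN_CIDRS:
                findings.append({**base, "IpRanges": [{"CidrIp": r["CidrIp"]}]})
        for r in perm.get("Ipv6Ranges", []):
            if r["CidrIpv6"] in OPEN_CIDRS:
                findings.append({**base, "Ipv6Ranges": [{"CidrIpv6": r["CidrIpv6"]}]})
    return findings


def remediate(ec2, group_ids=None, dry_run=False):
    """Return {group_id: revoked fragments}; with dry_run only report."""
    kwargs = {"GroupIds": group_ids} if group_ids else {}
    revoked = {}
    for group in ec2.describe_security_groups(**kwargs)["SecurityGroups"]:
        perms = open_ssh_permissions(group)
        if not perms:
            continue
        if not dry_run:
            ec2.revoke_security_group_ingress(GroupId=group["GroupId"], IpPermissions=perms)
        revoked[group["GroupId"]] = perms
    return revoked


def lambda_handler(event, context):
    """Lambda entry point; `event` may carry {"groupIds": [...]} from the trigger."""
    import boto3   # imported here so the offline demo below does not need it
    return remediate(boto3.client("ec2"), event.get("groupIds"))


SAMPLE_GROUPS = [   # constructed describe_security_groups output
    {"GroupId": "sg-0web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                      # public HTTP: fine
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.10/32"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},                      # SSH open to all
    {"GroupId": "sg-0all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},  # everything open
    {"GroupId": "sg-0ok", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},                    # internal only
]


class FakeEC2:
    """Constructed offline stand-in for boto3's EC2 client."""
    def __init__(self, groups):
        self.groups = groups

    def describe_security_groups(self, GroupIds=None):
        return {"SecurityGroups": [g for g in self.groups
                                   if not GroupIds or g["GroupId"] in GroupIds]}

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        group = next(g for g in self.groups if g["GroupId"] == GroupId)
        for p in IpPermissions:
            drop4 = {r["CidrIp"] for r in p.get("IpRanges", [])}
            drop6 = {r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])}
            for perm in group["IpPermissions"]:
                if (perm["IpProtocol"], perm.get("FromPort")) != (p["IpProtocol"], p.get("FromPort")):
                    continue
                perm["IpRanges"] = [r for r in perm.get("IpRanges", []) if r["CidrIp"] not in drop4]
                perm["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] not in drop6]
        return {"Return": True}


def sample_client():
    return FakeEC2(copy.deepcopy(SAMPLE_GROUPS))


if __name__ == "__main__":
    print(remediate(sample_client()))
```

Deploy lambda_handler with ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress permissions and trigger it from an AWS Config non-compliance event or an EventBridge rule on AuthorizeSecurityGroupIngress. Run it with dry_run=True first: revoking a rule on a group shared by several instances affects all of them at once.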

4. Third-Party Tools 

Several third-party tools can help manage security groups and enforce security policies. These tools integrate with AWS and provide additional features such as automated rule optimization and compliance reporting.

Conclusion   

Adding a security group to an EC2 instance is fundamental to managing AWS environments. It helps ensure that your instances are protected from unauthorized access and that only the necessary traffic is allowed. By following the steps in this guide, you can create and manage security groups effectively, improving the security of your EC2 instances.

Read More

https://devopsden.io/article/aws-ec2-pricing
