Can we remove a security group from an running EC2 instance?

Question

I have a running EC2 instance with few security groups added. What I want to do is to remove one of the security group and add a new one.

I think there will be no problem in adding a new security group. But is it possible to remove a security group without terminating existing ec2 instance and creating a new one from the ami ?

Answer 1

From the AWS documentation this is how you can remove a security group from a insance:

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the navigation pane, choose Instances.

3. Select your instance, and then choose Actions, Security, Change security groups.

4. For Associated security groups, select a security group from the list and choose Add security group.

5. To remove an already associated security group, choose Remove for that security group.

6. Choose Save.

Answer 2

FWIW, you can also change the inbound/outbound rules of the current security group instead of removing it and adding a new one. Changes to inbound/outbound rules also take effect immediately with no need to stop EC2.

Answer 3

yes, it is possible both to add and remove security group. In AWS web console go to EC2 Instances page, right click on instance you want to change -> Networking -> Change Security Group You can easily check that it is done without terminating or even stopping the instance.