How to change an EC2 instance's security group

Unless the instance is in a VPC, security groups can only be chosen before you start your instance for the first time.

Only VPC instances can change security group. For information on VPC see here.

Now you can change the security group of an EC2 instance from the web console itself.

Select an instance -> right click or click Actions -> Under Networking -> select Change Security Groups

For instances launched without a VPC, the Security Group can only be specified at first launch, and cannot be changed afterwards, not even if the instance is stopped first.

For instances launched into a VPC, the group can be changed. However, not all instance types are supported in the VPC - for example, "micro" is not supported as of December 2011.

According to the Amazon EC2 documentation, you can update the assigned security group.

After you launch an instance in EC2-Classic, you can't change its security groups. However, you can add rules to or remove rules from a security group, and those changes are automatically applied to all instances that are associated with the security group.

There is a way to accomplish this for an EBS-backed instance in a non-VPC environment, but it's a little painful:

1. Shutdown the server you want to change.
2. Right click the server and select Create Image to make an AMI from it.
3. Once the AMI has been created, right click on the AMI and select Launch Instance.
4. Choose the new security group as part of provisioning a "new" server.

This only works for EBS-backed instances that persist beyond a stop/start cycle.

I just changed the security group of an EC2 instance without even stopping it first. So maybe the policy has changed.

The instance in question was indeed inside a VPC. I didn't manually create that VPC, though. I think the default now is for a new instance to be inside a VPC.

Just stop the instance and right click on it:

• If it's a vpc instance you will find the option to change the security groups under Networking