Assign Multiple Security Groups to an Instance
Table of Contents
Objective
Assign multiple security groups to an EC2 server.
Prerequisites
- An unlaunched server. After you launch a server, you cannot add additional security groups to it or remove assigned security groups from it.
- Assigning security groups requires the 'actor' role. See User Role Privileges.
Overview
Security group ingress rules are additive in nature. For example, if you assign two security groups—'A' and 'B'—to a server, and security group 'A' has ports 22 and 80 open and security group 'B' has ports 22 and 443 open, the server will have ports 22, 80, and 443 open, as shown in the diagram below.
Steps
Servers
Provided that a server is not running, you can edit its security groups by opening its properties and clicking Edit. In the "Server Details" screen that displays, use the "Security Group(s)" drop-down list to select a security group to assign to the server, or click the New button to create a new security group for the server.
Clicking the 
button next to a security group name removes the server from the security group.
When you launch the server, it is included in all security groups specified in its properties.
Server Arrays
You can also add multiple security groups to a server array under using the same process described in the previous section. All servers launched in the server array are assigned the security groups specified.
See also
- © Copyright 2015 RightScale Technical Support