If the Auto Scaling group has an attached load balancer, the instance and the load balancer must both be in EC2-Classic or the same VPC. If the website owner or administrator wants to access other websites from the EC2 instance, then the following configurations must be allowed: Add an ingress rule to a security group using authorize_security_group_ingress. Note: When the previous security group and network ACL example configurations are used together, all internet users can connect to the website.

Update: As of January 2014, you can now change security groups for running AWS EC2 instances.

You can add rules to each security group that allow traffic to or from its associated instances. Add one or more ingress rules to a security group. However, a small delay might occur. The instance is launched into one of the Availability Zones defined in your Auto Scaling group.

Rule changes are propagated to instances within the security group as quickly as possible. When you launch an instance, you can specify one or more security groups; otherwise, Amazon EC2 uses the default security group.

The example below shows how to: Create a Security Group using create_security_group. You can modify the rules for a security group at any time.