Below are the code snippets. "Security Group sg-xxxxx and Subnet subnet-xxxxx belong to different networks. Security group sg-31f91b5a and subnet subnet-ea0aa3a7 belong to different networks. If you launch an instance using the Amazon EC2 API or a command line tool and you don't specify a security group, the instance is automatically assigned to the default security group for the VPC. In Item 3, we can check that the network security group is associated with the interface. In situations where traffic patterns among VMs in a subnet are very different, it may be better to have individual Network Security Groups attached to each VM with precise rules for controlling traffic to that VM. Launching EC2 instance failed." And here is a gist for the complete template; any help would really be appreciated. Click on Networking (Item 1) of the VM that we have chosen to apply the network security group. In the Search resources, services, and docs box at the top of the portal, begin typing myNsg. When myNsg appears in the search results, select it. Associate network security group to subnet. The network interface will be displayed on the right side (Item 2) next to the network/subnet, public IP, and private IP information. Any insight would be helpful! Under SETTINGS, select Subnets and then select + Associate. 11:13:01 UTC+0550 CREATE_FAILED AWS::EC2::Instance WebApplicationServer Security group sg-5147a53a and subnet subnet-ea0aa3a7 belong to different networks. Terraform is trying to use a default subnet instead of the subnet I defined to be used with the VPC I created. Managing NSGs at VNet level: Network Security Groups can be applied to a VM or subnet, and in some cases to both. Under Associate subnet, select Virtual network and then select myVirtualNetwork. I am not using an ELB at the moment, only an LC and ASG. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.