Add one or more ingress rules to a security group. When you launch an instance, you can specify one or more security groups; otherwise, Amazon EC2 uses the default security group. Add an ingress rule to a security group using authorize_security_group_ingress. The instance is launched into one of the Availability Zones defined in your Auto Scaling group. Update: As of January 2014, you can now change security groups for running AWS EC2 instances. You can modify the rules for a security group at any time.

If the Auto Scaling group has an attached load balancer, the instance and the load balancer must both be in EC2-Classic or the same VPC. Rule changes are propagated to instances within the security group as quickly as possible. If the website owner or administrator wants to access other websites from the EC2 instance, then the following configurations must be allowed: You can add rules to each security group that allow traffic to or from its associated instances. Note: When the previous security group and network ACL example configurations are used together, all internet users can connect to the website. However, a small delay might occur.

The example below shows how to: Create a Security Group using create_security_group.