
Elastic Compute Service: Manage ENIs in security groups

Last Updated: Apr 07, 2024

When you add an Elastic Compute Service (ECS) instance to a security group, you are adding the primary elastic network interface (ENI) of the instance to the security group. You can configure security group rules for each ENI based on source IP addresses, application-layer protocols, and ports to achieve fine-grained access control. This topic describes how to manage the security groups that are associated with ENIs bound to ECS instances.

Limits

  • Before you add a primary ENI to a security group, make sure that the primary ENI belongs to the same virtual private cloud (VPC) and the same zone as the security group.

  • An ENI can only be added to security groups that are of the same type (basic or advanced). For more information, see Basic and advanced security groups.

  • Each ENI must be added to at least one security group. By default, each ENI can be added to up to five security groups. For more information, see the Security group limits section in the "Limits" topic.
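
A pre-change check for the limits above, added here as an illustration and not part of Alibaba Cloud's documentation or tooling: given the final security group set proposed for an ENI, it reports violations of the VPC, type, and count limits. The class names, field names, and resource IDs are assumptions made for the example; the zone condition is not modelled.

```python
from dataclasses import dataclass

MAX_GROUPS_PER_ENI = 5  # default quota stated on this page


@dataclass(frozen=True)
class SecurityGroup:
    group_id: str
    vpc_id: str
    group_type: str  # "basic" or "advanced"


@dataclass(frozen=True)
class Eni:
    eni_id: str
    vpc_id: str


def check_group_change(eni, proposed, limit=MAX_GROUPS_PER_ENI):
    """Return a list of limit violations for the proposed final group set."""
    problems = []
    ids = [g.group_id for g in proposed]
    if len(set(ids)) != len(ids):
        problems.append("duplicate security group in request")
    if not proposed:
        problems.append("ENI must stay in at least one security group")
    if len(set(ids)) > limit:
        problems.append(f"{len(set(ids))} groups exceeds the limit of {limit}")
    wrong_vpc = sorted(g.group_id for g in proposed if g.vpc_id != eni.vpc_id)
    if wrong_vpc:
        problems.append("different VPC: " + ", ".join(wrong_vpc))
    types = sorted({g.group_type for g in proposed})
    if len(types) > 1:
        problems.append("mixed group types: " + ", ".join(types))
    return problems


# Constructed sample inventory (IDs are placeholders, not real resources).
ENI = Eni("eni-example0001", "vpc-a")
WEB = SecurityGroup("sg-web", "vpc-a", "basic")
DB = SecurityGroup("sg-db", "vpc-a", "basic")
ADV = SecurityGroup("sg-adv", "vpc-a", "advanced")
OTHER = SecurityGroup("sg-other", "vpc-b", "basic")

if __name__ == "__main__":
    for name, proposed in [("ok", [WEB, DB]), ("empty", []),
                           ("mixed", [WEB, ADV]), ("wrong-vpc", [WEB, OTHER])]:
        print(name, check_group_change(ENI, proposed) or "passes")
```

Running the check against the intended final set before a change catches a request that would leave an ENI with no security group or mix basic and advanced groups.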

Manage the security groups that are associated with an ENI on the Elastic Network Interfaces page

Note

You can manage only the security groups that are associated with secondary ENIs on the Elastic Network Interfaces page. To manage the security groups that are associated with primary ENIs, go to the security group list page. For more information, see the Manage the ENIs that are associated with a security group on the security group list page section in this topic.

Perform the following steps to add a secondary ENI to or remove a secondary ENI from a security group:

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Network & Security > Elastic Network Interfaces.

  3. In the top navigation bar, select the region and resource group to which the resource belongs.

  4. Find the ENI that you want to manage. In the Operation column, click Change Security Groups.

  5. In the Change Security Groups dialog box, perform the following operations:

    • To add the ENI to a security group, select a security group that is not associated with the ENI from the Security Group drop-down list.

    • To remove the ENI from a security group, delete the security group from the value in the Security Group field.

  6. Click Confirm.

Manage the ENIs that are associated with a security group on the security group list page

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Network & Security > Security Groups.

  3. In the top navigation bar, select the region and resource group to which the resource belongs.

  4. Manage the ENIs that are associated with a security group based on the ENI type.

    Primary ENIs

    Note

    If an ECS instance is associated with a security group, the primary ENI of the instance is also associated with the security group. You can change the security groups of the primary ENI by changing the security groups of the ECS instance.

    Perform the following steps to add primary ENIs to or remove primary ENIs from a security group on the security group list page:

    1. On the security group list page, find the security group that you want to manage. In the Operation column, choose [icon] > Manage Instances.

    2. On the Instances tab of the security group details page, perform the following operations:

      • Add primary ENIs to the security group.

        1. Click Add Instance to Security Group.

        2. In the Add Instance to Security Group dialog box, select an ECS instance from the Instance drop-down list.

          Note

          You can select multiple ECS instances. The selected ECS instances and their primary ENIs are added to the security group.

      • Remove primary ENIs from the security group.

        1. Select one or more ECS instances and click Remove from Security Group in the lower part of the tab.

        2. In the Remove from Security Group message, click OK.

          Note

          The selected ECS instances and their primary ENIs are removed from the security group.

    Secondary ENIs

    Perform the following steps to add secondary ENIs to or remove secondary ENIs from a security group on the security group list page:

    1. On the security group list page, find the security group that you want to manage. In the Operation column, choose [icon] > Manage ENIs.

    2. On the Secondary network card tab of the security group details page, perform the following operations:

      • Add secondary ENIs to the security group.

        1. Click Add ENI to Security Group.

        2. In the Add ENI to Security Group dialog box, select secondary ENIs from the ENI drop-down list.

      • Remove secondary ENIs from the security group.

        1. Select one or more secondary ENIs and click Remove from Security Group in the lower part of the tab.

        2. In the Remove from Security Group message, click OK.
