Ravi helps you troubleshoot issues deleting security groups for your Amazon VPC

I'm getting errors when I try to delete a security group for my Amazon Virtual Private Cloud (Amazon VPC). What can I do to delete it?

You might not be able to delete the security group because it's:

  • A default security group
  • Associated with an instance that is in the running or stopped state
  • Referenced by its own rule or a rule in another security group

You can delete the security group only when none of these conditions applies. For steps on how to delete a security group, see Deleting a Security Group.

Note: To delete two or more security groups at the same time, use the AWS Management Console. You can delete only one security group at a time when you use the AWS Command Line Interface (AWS CLI) or API.

Default security group

Default security groups can't be deleted. To verify if a security group is a default resource, follow these steps:

  1. Open the Amazon VPC console.
  2. In the navigation pane, under Security, choose Security Groups.
  3. In the security group list, the default security groups are those whose Group Name is shown as default.

Associated with an instance in the running or stopped state

You can't delete a security group if it's assigned to a running or stopped instance. To verify if the security group is assigned to an instance, follow these steps:

  1. Open the Amazon EC2 console.
  2. In the navigation pane, choose Instances.
  3. Choose the search bar in the content pane.
  4. In the Resource Attributes filter list, select either Security Group ID or Security Group Name, and then select the security group ID or security group name that you want to delete.
  5. Any instances assigned to the security group will appear in the filtered instance list.

Note: To change the security group assigned to an instance, see Changing an Instance's Security Groups.

Referenced by its own rule or a rule in another security group

You can't delete a security group if it's referenced by a security group rule. If the security group is referenced in one of its own rules, then you must remove the rule before deleting the security group. If the security group is referenced in another security group's rules, you must remove the reference to delete the security group. To modify security group rules, see Adding, Removing, and Updating Rules.

The security group might also be referenced in a security group within another Amazon VPC where a peering connection is established. To delete the security group, you can either remove the reference or delete the VPC peering connection.
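The three checks above can also be run against the parsed JSON output of `aws ec2 describe-security-groups` and `aws ec2 describe-instances`. The following is an added example, not AWS code; the function name `deletion_blockers` and all IDs in the sample data are constructed for illustration.

```python
# Added example. Inputs are the parsed JSON of:
#   aws ec2 describe-security-groups  -> ["SecurityGroups"]
#   aws ec2 describe-instances        -> ["Reservations"]

def deletion_blockers(group_id, security_groups, reservations):
    """Return the reasons (as strings) why group_id can't be deleted."""
    blockers = []
    for sg in security_groups:
        # Check 1: default security groups can't be deleted.
        if sg["GroupId"] == group_id and sg["GroupName"] == "default":
            blockers.append("default security group")
        # Check 3: referenced by its own rule or a rule in another group,
        # in either the inbound or the outbound rule set.
        for direction in ("IpPermissions", "IpPermissionsEgress"):
            for perm in sg.get(direction, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair.get("GroupId") == group_id:
                        own = sg["GroupId"] == group_id
                        where = "its own rule" if own else f"a rule in {sg['GroupId']}"
                        blockers.append(f"referenced by {where} ({direction})")
    # Check 2: assigned to an instance in the two states the article names.
    for res in reservations:
        for inst in res.get("Instances", []):
            attached = any(g["GroupId"] == group_id
                           for g in inst.get("SecurityGroups", []))
            state = inst["State"]["Name"]
            if attached and state in ("running", "stopped"):
                blockers.append(f"assigned to {state} instance {inst['InstanceId']}")
    return blockers


# Constructed sample data (placeholder IDs, not real resources).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissionsEgress": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "db", "IpPermissionsEgress": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "default",
     "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0ddd", "GroupName": "unused",
     "IpPermissions": [], "IpPermissionsEgress": []},
]
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0111", "State": {"Name": "stopped"},
     "SecurityGroups": [{"GroupId": "sg-0aaa", "GroupName": "web"}]},
]}]

if __name__ == "__main__":
    for gid in ("sg-0aaa", "sg-0ccc", "sg-0ddd"):
        print(gid, deletion_blockers(gid, SAMPLE_GROUPS, SAMPLE_RESERVATIONS))
```

References from a security group in a peered VPC are found only if that VPC's security groups are included in the `security_groups` input.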



Published: 2017-12-18