How can I add my security group to my Elastic Beanstalk environment?

2 minute read

I want to add my own security group to my AWS Elastic Beanstalk environment.

Short description

By default, Elastic Beanstalk creates a security group for your environment. You can also add your own security group to your environment. To add your own security group, add configuration files to an .ebextensions directory in your application deployment package. The .ebextensions directory makes Elastic Beanstalk attach a preexisting security group to your Auto Scaling group.


To add your own security group to your Elastic Beanstalk environment, complete the following steps:

  1. Use an existing security group, or create a new security group.

  2. Note the name of your security group. For example, ebtest.

  3. Create an .ebextensions/ directory in your local application code directory.
    Note: For more information, see Advanced environment customization with configuration files (.ebextensions).

  4. In the .ebextensions/ directory, create a file that's named securitygroup.config:

      - namespace: aws:autoscaling:launchconfiguration
        option_name: SecurityGroups
        value: ebtest
  5. Deploy your code and the new .ebextensions/ directory together as a new application version to your Elastic Beanstalk environment.

After deployment, your security group is attached to your Amazon Elastic Compute Cloud (Amazon EC2) instances. Your environment now uses both your existing security group and the default security group.

Note: To launch your instances within a virtual private cloud (VPC), use Amazon Virtual Private Cloud (Amazon VPC) with Elastic Beanstalk. Instead of security group names, specify security group IDs.

The following example shows the structure of the .ebextensions directory and securitygroup.config file in the application zip file:

|-- .ebextensions/
|   |-- securitygroup.config
|   `-- other.config
|-- other application files

Related information

Elastic Beanstalk samples on the GitHub website

How do I use my own security group for my load balancer when I deploy an Elastic Beanstalk application?

AWS OFFICIALUpdated a month ago