To remove all security groups from a launch template version when creating a new version, you need to use the SecurityGroupIds parameter along with the DefaultSecurityGroupIds parameter in the create-launch-template-version command. Here's the command you can use:
aws ec2 create-launch-template-version \
--launch-template-id <launch-template-id> \
--version-description "Remove security groups" \
--source-version <source-version-number> \
--launch-template-data '{"SecurityGroupIds": [], "DefaultSecurityGroupIds": []}' \
--region <region>
Replace the following:
- <launch-template-id> with the ID of your launch template
- <source-version-number> with the version number you want to base the new version on
- <region> with the AWS region where your launch template resides
However, when you create a new EC2 instance using a launch template without any security groups specified, AWS will automatically assign the default security group to the instance.
If your goal is to not allow any inbound/outbound traffic to the instance, I would suggest attaching a security group with no inbound/outbound rules. Alternatively, you could edit the default security group to remove the inbound/outbound rules, but I would not recommend doing this. If you go either of these routes, you will not be able to connect to your instances, and your instances won't be able to connect to anything.
To make sure we're implementing the best solution, may I ask why you want to launch instances without a security group attached?
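The suggestion above, attaching a security group with no inbound or outbound rules, can be scripted as follows. This is an added example, not part of the original answer or AWS's own code. The function names and the group name `no-traffic-<template id>` are assumptions, and it assumes the source version does not define network interfaces (groups would then have to be set on the interface instead).

```shell
#!/bin/sh
# Added example. Arguments: <launch-template-id> <source-version> <vpc-id> <region>.
# The group name "no-traffic-<template id>" is an assumption made for this sketch.

# Print launch template data selecting exactly one security group; reject malformed IDs.
lt_data_for_sg() {
  case $1 in
    sg-|sg-*[!0-9a-f]*) return 1 ;;
    sg-*) printf '{"SecurityGroupIds":["%s"]}\n' "$1" ;;
    *) return 1 ;;
  esac
}

# Create a security group with no inbound and no outbound rules; print its ID.
# $1 = VPC ID, $2 = group name, $3 = region
create_isolated_sg() {
  local sg_id
  sg_id=$(aws ec2 create-security-group --region "$3" --vpc-id "$1" \
    --group-name "$2" --description "No inbound or outbound rules" \
    --query GroupId --output text) || return 1
  # New VPC groups start with no inbound rules and one allow-all egress rule: revoke it.
  aws ec2 revoke-security-group-egress --region "$3" --group-id "$sg_id" \
    --ip-permissions '[{"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]' \
    >/dev/null || return 1
  printf '%s\n' "$sg_id"
}

# Create the group, then a new template version that references only that group.
isolate_launch_template() {
  local sg_id data
  sg_id=$(create_isolated_sg "$3" "no-traffic-$1" "$4") || return 1
  data=$(lt_data_for_sg "$sg_id") || return 1
  aws ec2 create-launch-template-version --region "$4" \
    --launch-template-id "$1" --source-version "$2" \
    --version-description "Use rule-less security group $sg_id" \
    --launch-template-data "$data" >/dev/null || return 1
  printf '%s\n' "$sg_id"
}

# Run only when all four arguments are given, so the file can also be sourced.
if [ "$#" -eq 4 ]; then
  isolate_launch_template "$@"
fi
```

Before launching from the new version, run `aws ec2 describe-security-groups --group-ids <group-id>` and confirm that both `IpPermissions` and `IpPermissionsEgress` are empty, since a VPC with IPv6 may carry an additional egress rule.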
This returns an error for me:
Versions:
- aws-cli/1.32.16 Python/3.9.18 Darwin/23.6.0 botocore/1.29.165
- aws-cli/2.15.57 Python/3.11.8 Darwin/23.6.0 exe/x86_64