How can I update a security group through CloudFormation without recreating the EC2 instance?


I have deployed an EC2 instance through CloudFormation and now need to update the security group. I am making the changes in the existing template, but in the change set I can see my EC2 instance is getting replaced. How can I modify the security group without recreating the instance in CF?

I tried updating the SG in the template, but it is recreating the EC2 instance.

Answer by Big Matt:

It depends on the changes you want to make to the AWS::EC2::SecurityGroup resource. If you change the GroupDescription, GroupName or VpcId properties, an update to these requires replacement.

This means a new AWS::EC2::SecurityGroup resource will be created and the old one will be deleted. A new PhysicalId will be created for the AWS::EC2::SecurityGroup resource.

Looking at the AWS::EC2::Instance SecurityGroups property, an update requires replacement. Because a new PhysicalId was generated for the security group, the sg-idxxxxx passed to the EC2 instance is different, causing the EC2 instance to be replaced.

Properties you can modify on the AWS::EC2::SecurityGroup resource that will not replace your EC2 instance are SecurityGroupEgress, SecurityGroupIngress and Tags, because for these an update requires some interruptions or no interruption.
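The following is an added example, not part of the answer above and not an AWS tool: a small pre-flight check that compares the Properties of an AWS::EC2::SecurityGroup between two template revisions and reports which changed properties force replacement (GroupDescription, GroupName, VpcId) and which update in place (SecurityGroupEgress, SecurityGroupIngress, Tags), using exactly the per-property behaviour the answer states. The two template revisions, the `vpc-EXAMPLE` id and the rule values are constructed sample data; the real change set remains the authority, this only helps spot the replacement before you run it.

```python
"""Pre-flight check for an AWS::EC2::SecurityGroup edit in a CloudFormation template.

Hypothetical helper (not an AWS tool): compares the Properties of the
security group in two template revisions and reports which changed
properties force replacement of the resource, per the per-property
"Update requires" values quoted in the answer above.
"""
import copy

# Per-property update behaviour for AWS::EC2::SecurityGroup, as stated in the answer.
REPLACEMENT_PROPERTIES = {"GroupDescription", "GroupName", "VpcId"}
IN_PLACE_PROPERTIES = {"SecurityGroupEgress", "SecurityGroupIngress", "Tags"}


def changed_properties(before: dict, after: dict) -> set:
    """Return the names of properties whose value differs between two revisions."""
    return {key for key in before.keys() | after.keys() if before.get(key) != after.get(key)}


def predict_sg_update(before_props: dict, after_props: dict) -> dict:
    """Classify a security-group edit: which changes are in place, which force replacement,
    and which properties this helper knows nothing about (check the docs for those)."""
    changed = changed_properties(before_props, after_props)
    return {
        "replacement": sorted(changed & REPLACEMENT_PROPERTIES),
        "in_place": sorted(changed & IN_PLACE_PROPERTIES),
        "unknown": sorted(changed - REPLACEMENT_PROPERTIES - IN_PLACE_PROPERTIES),
    }


def instance_replaced(sg_prediction: dict) -> bool:
    """A replaced SG gets a new physical id, so an instance that references it through
    the SecurityGroups property is replaced as well."""
    return bool(sg_prediction["replacement"])


# Constructed sample: the security group's Properties before any edit.
BEFORE = {
    "GroupDescription": "web tier",
    "VpcId": "vpc-EXAMPLE",  # placeholder, not a real VPC id
    "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/16"},
    ],
}

# Edit 1: add an ingress rule only -> in-place update, instance untouched.
AFTER_RULE_CHANGE = copy.deepcopy(BEFORE)
AFTER_RULE_CHANGE["SecurityGroupIngress"].append(
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.1.0/24"}
)

# Edit 2: change the description -> SG replaced, so the instance is replaced too.
AFTER_DESCRIPTION_CHANGE = dict(BEFORE, GroupDescription="web tier v2")

if __name__ == "__main__":
    for label, after in (("rule change", AFTER_RULE_CHANGE),
                         ("description change", AFTER_DESCRIPTION_CHANGE)):
        pred = predict_sg_update(BEFORE, after)
        print(f"{label}: {pred} -> EC2 instance replaced: {instance_replaced(pred)}")
```

Run it on your own before/after Properties dicts; anything reported under "unknown" is a property the answer does not cover, so look its update behaviour up in the resource reference rather than assuming it is safe.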