Why is there a Security Group configuration in ECS when EC2 already has a Security Group?


I have an ECS cluster with an ASG with a launch template for EC2 which has a security group defined.

When I am creating services in ECS, I am again provided with an option for a Security Group. Where is this security group assigned to? If EC2, then are these SGs combined when launching?

Answered by Mark B

If you use awsvpc network mode for your ECS tasks, then each task gets its own AWS Elastic Network Interface (ENI) and has completely separate networking from the EC2 instance it is running on. In that case, the security group would be attached to the task's ENI.
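
To check this on a running cluster, the ENI ID is listed in the task's `attachments` and the security groups in that ENI's `Groups`. The sketch below is an added example, not part of the answer above: it works on constructed dictionaries shaped like `ecs describe-tasks` and `ec2 describe-network-interfaces` output, with made-up IDs and hypothetical function names. It also goes beyond the awsvpc case to the `bridge` and `host` modes, where the task shares the instance's interface and the launch template's security group is the one that applies.

```python
# Added example: resolve which security groups filter an ECS task's traffic.
# Input dicts are constructed samples shaped like AWS API responses; IDs are made up.

def task_eni_id(task):
    """ENI ID from the task's ElasticNetworkInterface attachment (awsvpc only)."""
    for att in task.get("attachments", []):
        if att.get("type") != "ElasticNetworkInterface":
            continue
        for detail in att.get("details", []):
            if detail.get("name") == "networkInterfaceId":
                return detail.get("value")
    return None

def effective_security_groups(task, network_mode, enis, instance_sg_ids):
    """Return (interface, sorted SG IDs) that apply to the task."""
    if network_mode == "awsvpc":
        eni_id = task_eni_id(task)
        if eni_id is None:
            raise ValueError("awsvpc task has no ENI attachment (still provisioning?)")
        # Only the groups on the task ENI apply; the instance's groups are not merged in.
        return eni_id, sorted(g["GroupId"] for g in enis[eni_id]["Groups"])
    if network_mode in ("bridge", "host"):
        # Traffic leaves through the container instance's own interface.
        return "instance", sorted(instance_sg_ids)
    raise ValueError(f"unhandled network mode: {network_mode}")

# Constructed sample: one awsvpc task and one bridge task on the same instance.
INSTANCE_SG_IDS = ["sg-0aaa0000000000001"]  # group from the launch template
ENIS = {"eni-0bbb0000000000001": {"Groups": [{"GroupId": "sg-0ccc0000000000001",
                                              "GroupName": "web-task"}]}}
AWSVPC_TASK = {
    "taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/aaaa",
    "attachments": [{"type": "ElasticNetworkInterface", "status": "ATTACHED",
                     "details": [{"name": "subnetId", "value": "subnet-0ddd0000000000001"},
                                 {"name": "networkInterfaceId",
                                  "value": "eni-0bbb0000000000001"}]}]}
BRIDGE_TASK = {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/bbbb",
               "attachments": []}

if __name__ == "__main__":
    for task, mode in ((AWSVPC_TASK, "awsvpc"), (BRIDGE_TASK, "bridge")):
        iface, groups = effective_security_groups(task, mode, ENIS, INSTANCE_SG_IDS)
        print(f"{mode:7} -> {iface}: {groups}")
```
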