Security groups are a powerful concept, and we have already shown that implemented wisely they can be extremely secure and efficient to manage.
However they required you to carefully plan your instance deployment: up to now, the Security Groups associated to an instance could not be changed.
Introducing the ability to modify security groups for an existing instance
Starting June 2015, it is now possible to change the security groups associated with each instance.
Via the Web portal
Log on to your favorite cloud portal and select an instance.
In the detailed instance view there is now a new configuration field:
You can now:
- Remove a SG
- Add one or more SG
For your convenience you can either type the name of the group or use the drop-down list.
Via the API
The updateVirtualMachine call has been extended to support the modification
of the Security Groups associated to a machine.
Here’s an example gist with the python cs client:
from cs import CloudStack
cs = CloudStack(endpoint='https://api.exoscale.ch/compute',
key='your api key',
secret='your api secret')
my_vm = 'VM_ID'
my_sg = ['SG_UUID']
cs.updateVirtualMachine(id=my_vm, securitygroupids=my_sg)
Note that the securitygroupids is a list of the UUIDs of the all SG you wish to
be associated with the instance. Beware this will overwrite the existing
groups associated to your instance: you need to pass all the groups,
not just the one you would like to add to the instance.
The full API call description is available in the documentation