Attach / Detach Security Group from EC2 instance using boto3

Question

How can I go about disassociating a particular security group from all EC2 instances and then associate it with a new EC2 instance, with boto3?

I'm trying something like:

ec2 = boto3.resource('ec2')
instances = ec2.instances.filter()
for instance in instances:
    print(instance.id, instance.instance_type)
    for sg in instance.security_groups:
    if sg['GroupId'] == sg_id:
        instance.modify_attribute ???

Answer 1

  ec2 = boto3.resource('ec2')
  instances = ec2.instances.filter()
  for instance in instances:
     print(instance.id, instance.instance_type)
     all_sg_ids = [sg['GroupId'] for sg in instance.security_groups]  # Get a list of ids of all securify groups attached to the instance
     if sg_id in all_sg_ids:                                          # Check the SG to be removed is in the list
       all_sg_ids.remove(sg_id)                                       # Remove the SG from the list
       instance.modify_attribute(Groups=all_sg_ids)                   # Attach the remaining SGs to the instance