From 564dd360a223dc0b23dcd9b0ea089018700bec41 Mon Sep 17 00:00:00 2001
From: innossh <innossh@users.noreply.github.com>
Date: Fri, 19 Feb 2016 01:57:23 +0900
Subject: [PATCH] provider/aws: Support additional changes to security groups
 of instance without forcing new

---
 .../providers/aws/resource_aws_instance.go    | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_instance.go b/builtin/providers/aws/resource_aws_instance.go
index bacf975aa..6ff22572f 100644
--- a/builtin/providers/aws/resource_aws_instance.go
+++ b/builtin/providers/aws/resource_aws_instance.go
@@ -107,7 +107,6 @@ func resourceAwsInstance() *schema.Resource {
 				Type:     schema.TypeSet,
 				Optional: true,
 				Computed: true,
-				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Set:      schema.HashString,
 			},
@@ -581,6 +580,28 @@ func resourceAwsInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
+	if d.HasChange("security_groups") {
+		var groupIds []*string
+		if v := d.Get("security_groups").(*schema.Set); v.Len() > 0 {
+			resp, err := conn.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{
+				GroupNames: expandStringList(v.List()),
+			})
+			if err != nil {
+				return err
+			}
+			for _, v := range resp.SecurityGroups {
+				groupIds = append(groupIds, aws.String(*v.GroupId))
+			}
+		}
+		_, err := conn.ModifyInstanceAttribute(&ec2.ModifyInstanceAttributeInput{
+			InstanceId: aws.String(d.Id()),
+			Groups:     groupIds,
+		})
+		if err != nil {
+			return err
+		}
+	}
+
 	if d.HasChange("vpc_security_group_ids") {
 		var groups []*string
 		if v := d.Get("vpc_security_group_ids").(*schema.Set); v.Len() > 0 {