You have an EC2 Security Group with several running EC2 instances. You change the Security Group rules to
allow inbound traffic on a new port and protocol, and launch several new instances in the same Security Group.
The new rules apply:
A.
Immediately to all instances in the security group.
B.
Immediately to the new instances only.
C.
Immediately to the new instances, but old instances must be stopped and restarted before the new rules
apply.
D.
To all instances, but it may take several minutes for old instances to see the changes.
A (or maybe D)
http://www.aiotestking.com/amazon/the-new-rules-apply/
I’m going to say a “short period” of time is less than several minutes. I would describe several minutes as “forever” if you needed a firewall change to fix a problem that is being exploited.
A
http://jayendrapatil.com/category/aws/vpc/security-group/