By default, AWS EC2 instances are launched in the default VPC, which is not recommended for production-grade workloads. AWS VPCs provide the controls to facilitate a formal process for approving and testing all network connections and changes to firewall and router configurations.
It is considered best practice to use a VPC other than the default VPC. If you already have a VPC that you wish to use, skip to the interface configuration. An EC2 instance's primary interface cannot be updated once the VM is running; however, an image of the VM can be taken and launched as a new EC2 instance with the VPC designated for the primary interface. A secondary interface can be updated or attached/detached.
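To find the instances that need the relaunch described above, the following check flags every instance whose primary interface sits in a default VPC. It is an added example, not code from the original page or from AWS; it takes dicts shaped like the EC2 DescribeVpcs and DescribeInstances responses, and the function names and all sample IDs are constructed for illustration.

```python
"""Flag EC2 instances whose primary network interface is in a default VPC."""

def default_vpc_ids(vpcs_response):
    # DescribeVpcs marks each account/region default VPC with IsDefault=True.
    return {v["VpcId"] for v in vpcs_response.get("Vpcs", []) if v.get("IsDefault")}

def primary_vpc_id(instance):
    # The primary interface is the attachment at device index 0.
    for eni in instance.get("NetworkInterfaces", []):
        if eni.get("Attachment", {}).get("DeviceIndex") == 0:
            return eni.get("VpcId")
    # Fall back to the instance-level VpcId if no interface data is present.
    return instance.get("VpcId")

def instances_in_default_vpc(vpcs_response, instances_response):
    defaults = default_vpc_ids(vpcs_response)
    findings = []
    for reservation in instances_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Terminated instances carry no VPC data and need no remediation.
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            vpc_id = primary_vpc_id(inst)
            if vpc_id in defaults:
                findings.append((inst["InstanceId"], vpc_id))
    return sorted(findings)

# Constructed sample data (IDs are placeholders, not real resources).
SAMPLE_VPCS = {"Vpcs": [
    {"VpcId": "vpc-default-example", "IsDefault": True},
    {"VpcId": "vpc-prod-example", "IsDefault": False},
]}
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-example-a", "State": {"Name": "running"},
     "VpcId": "vpc-default-example",
     "NetworkInterfaces": [{"VpcId": "vpc-default-example",
                            "Attachment": {"DeviceIndex": 0}}]},
    {"InstanceId": "i-example-b", "State": {"Name": "running"},
     "VpcId": "vpc-prod-example",
     "NetworkInterfaces": [{"VpcId": "vpc-prod-example",
                            "Attachment": {"DeviceIndex": 0}}]},
    {"InstanceId": "i-example-c", "State": {"Name": "terminated"}},
    {"InstanceId": "i-example-d", "State": {"Name": "stopped"},
     "VpcId": "vpc-default-example"},
]}]}

if __name__ == "__main__":
    for instance_id, vpc_id in instances_in_default_vpc(SAMPLE_VPCS, SAMPLE_INSTANCES):
        print(f"{instance_id} is in default VPC {vpc_id}")
```

With boto3, the two inputs would be the results of `describe_vpcs()` and `describe_instances()` for each region in use.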
In AWS Console -
For the VPC:
For the EC2 Interface:
For the EC2 Instance:
In Terraform -
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/best-practices-for-configuring-network-interfaces.html
https://aws.amazon.com/premiumsupport/knowledge-center/move-ec2-instance/
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#vpc_security_group_ids