diff --git a/modules/asg/main.tf b/modules/asg/main.tf
index 0ce2d7d..94e7714 100644
--- a/modules/asg/main.tf
+++ b/modules/asg/main.tf
@@ -68,7 +68,7 @@ resource "aws_launch_template" "this" {
 network_interfaces {
 device_index = 0
- security_groups = [local.default_eni_sg_ids[0]]
+ security_groups = local.default_eni_sg_ids
 subnet_id = values(local.default_eni_subnet_names[0])[0]
 associate_public_ip_address = try(local.default_eni_public_ip[0])
 }
diff --git a/modules/asg/scripts/lambda.py b/modules/asg/scripts/lambda.py
index b8f1a7b..7daab8e 100644
--- a/modules/asg/scripts/lambda.py
+++ b/modules/asg/scripts/lambda.py
@@ -158,7 +158,7 @@ def create_interface_settings(instance_zone: str) -> list:
 for k, v in sett.items():
 interface[eni] = {} if eni not in interface.keys() else interface[eni]
 interface[eni]["index"] = int(v) if 'device_index' in k else interface.get(eni).get('index')
- interface[eni]["sg"] = v[0] if 'security_group_ids' in k else interface.get(eni).get('sg')
+ interface[eni]["sg"] = v if 'security_group_ids' in k else interface.get(eni).get('sg')
 interface[eni]["c_pub_ip"] = v if 'create_public_ip' in k else interface.get(eni).get('c_pub_ip')
 interface[eni]["s_dest_ch"] = v if 'source_dest_check' in k else interface.get(eni).get('s_dest_ch')
 if 'subnet_id' in k:
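Review bot: `security_groups` now takes the whole of `local.default_eni_sg_ids`, while `subnet_id` and `associate_public_ip_address` on the next two lines still index their locals with `[0]`; if `default_eni_sg_ids` is still laid out per ENI like those siblings (the removed line indexed it the same way), device 0 would be attached to every interface's groups and inherit ingress rules intended for other ENIs. The local is defined outside this hunk, so this cannot be confirmed here; if it is per-ENI, keep `security_groups = local.default_eni_sg_ids[0]` and make that element the list, otherwise a comment on the line such as `# flat list of SG ids for the primary ENI (device_index 0) only` would make the widened attachment deliberate and reviewable.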
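Review bot: The new line stores `v` as-is under `"sg"`, but nothing in the hunk guarantees `v` is a list: the removed `v[0]` only shows it was indexable, so a single security-group id written as a plain string would later reach `Groups=sg_ids` in `create_network_interface` (the next hunk of this file) as a `str`, which the EC2 call rejects. Normalising here, `interface[eni]["sg"] = (list(v) if isinstance(v, (list, tuple)) else [v]) if 'security_group_ids' in k else interface.get(eni).get('sg')`, keeps the downstream `Groups=` argument a list however the setting was authored; the caller that passes `"sg"` into `create_network_interface` is outside both hunks and should be checked for the same assumption. As a point of style, `interface.setdefault(eni, {})` on the line above would replace the `{} if eni not in interface.keys() else interface[eni]` dance. `create_interface_settings` starts before and continues after this hunk.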
@@ -180,23 +180,23 @@ def inspect_ec2_instance(self, instance_id: str) -> tuple:
 return instance_info.get('Placement').get('AvailabilityZone') if 'Placement' in instance_info else None, \
 instance_info.get('SubnetId'), instance_info.get('NetworkInterfaces')
 
- def create_network_interface(self, instance_id: str, subnet_id: str, sg_id: int) -> str:
+ def create_network_interface(self, instance_id: str, subnet_id: str, sg_ids: list) -> str:
 """
 As function name, it creates new ENI, if something wrong it catch error.
 :param instance_id: EC2 Instance id
 :param subnet_id: Subnet id
- :param sg_id: Security group id
+ :param sg_ids: Security group ids
 :return: Network Interface id
 """
- self.logger.debug(f"DEBUG: create_interface: instance_id={instance_id}, subnet_id={subnet_id}, sg_id={sg_id}")
+ self.logger.debug(f"DEBUG: create_interface: instance_id={instance_id}, subnet_id={subnet_id}, sg_ids={sg_ids}")
 try:
 tags = loads(getenv('lambda_config')).get('tags')
 tag_specifications = [{'Key': k, 'Value': v} for k, v in tags.items()]
 network_interface = self.ec2_client.create_network_interface(
 SubnetId=subnet_id,
- Groups=[sg_id],
+ Groups=sg_ids,
 TagSpecifications=[
 {
 'ResourceType': 'network-interface',