New security groups that an instance belongs to.

This is applicable only to instances running in a VPC. Use
this parameter when you want to change the security
groups an instance is in. The new set of groups you specify
replaces the current set. You must specify at least one
group, even if it's just the default security group in the VPC.