AWS EC2 controller only handles SECURITY_GROUP_NAMES correctly if SUBNET is specified

[ghost]

[Build] 17.3 2017/07/27

[Steps to reproduce]

1. log-in as customer and subscribe to AWS EC2 service that has an underlying technical service that can specify a security group (but specifies no subnet).
2. during subscription process specify a security group SG1, that is not the default security group, and exist in the default region/subnet.
3. check provisioned instance's security group

[Expected result] security group SG1

[Observed result] instance has default security group

[Details]

1. If I set security group and subnet this works ok (workaround).
2. If I set security group SG1, and I do not set the subnet, I end up with an instance created in subnet as in 1. above, with default security group (not SG1)
3. If I try to manually create an Instance using AWS EC2 UI, and do not specify a subnet, but specify a security group, then the instance is created with the correct security group. => The workaround is to specify both. If this cannot be fixed, then it should be documented that the security group will only work if subnet is also specified.

@gertipoppel this might become a documentation issue.