diff --git a/awx/api/generics.py b/awx/api/generics.py
index 8b8fb55894..ee6db9634d 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -46,7 +46,7 @@ from awx.main.utils import (
     decrypt_field
 )
 from awx.main.utils.db import get_all_field_names
-from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer
+from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer, InstanceGroupSerializer
 from awx.api.versioning import URLPathVersioning
 from awx.api.metadata import SublistAttachDetatchMetadata, Metadata
 
@@ -317,6 +317,13 @@ class GenericAPIView(generics.GenericAPIView, APIView):
             for name, field in list(serializer.fields.items()):
                 if getattr(field, 'read_only', None):
                     del serializer.fields[name]
+                # Additionally, remove the following fields if an instance group is containerized.
+                if name == 'is_containerized':
+                    import sdb
+                    sdb.set_trace()
+                    del serializer.fields['policy_instance_percentage']
+                    del serializer.fields['policy_instance_minimum']
+                    del serializer.fields['policy_instance_list']
             serializer._data = self.update_raw_data(serializer.data)
         return serializer
 
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 09066a4871..c4f86a9842 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4801,6 +4801,18 @@ class InstanceGroupSerializer(BaseSerializer):
                 raise serializers.ValidationError(_('Isolated instances may not be added or removed from instances groups via the API.'))
             if self.instance and self.instance.controller_id is not None:
                 raise serializers.ValidationError(_('Isolated instance group membership may not be managed via the API.'))
+        if self.instance.is_containerized:
+                raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
+        return value
+
+    def validate_policy_instance_percentage(self, value):
+        if value and self.instance.is_containerized:
+            raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
+        return value
+
+    def validate_policy_instance_minimum(self, value):
+        if value and self.instance.is_containerized:
+            raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 
     def validate_name(self, value):
diff --git a/awx/main/utils/common.py b/awx/main/utils/common.py
index 11e4722f5f..e7603fb037 100644
--- a/awx/main/utils/common.py
+++ b/awx/main/utils/common.py
@@ -366,6 +366,10 @@ def get_allowed_fields(obj, serializer_mapping):
     field_blacklist = ACTIVITY_STREAM_FIELD_EXCLUSIONS.get(obj._meta.model_name, [])
     if field_blacklist:
         allowed_fields = [f for f in allowed_fields if f not in field_blacklist]
+    # raise Exception(_("please render this"))
+    # if obj.__class__.__name__ == 'InstanceGroup' and obj.is_containerized:
+    #     container_group_blacklist = ["policy_instance_percentage", "policy_instance_minimum", "policy_instance_list"]
+    #     allowed_fields = [f for f in allowed_fields if f not in container_group_blacklist]
     return allowed_fields