Intranet communication between ECSs in different Security Groups
Example Scenario:
Within the same VPC, if a user needs to copy resources from an ECS in one security group to an ECS in another security group, they can first enable the two ECSs to communicate with each other over the Intranet and then copy the resources.
How to Configure:
ECSs in the same security group can communicate with each other by default and do not need to be configured. However, ECSs in different security groups cannot communicate by default, so you need to add security group rules to enable the ECSs in different security groups to communicate with each other over the Intranet.
To achieve Intranet communication, add an inbound rule to the security group of each of the two ECSs that allows access from instances in the other security group, as shown below.
Protocol | Direction | Port Range/ICMP Protocol Type | Source Address |
Set the protocol type used for Intranet communication (supports TCP/UDP/ICMP/All) | Inbound | Set the port range or ICMP protocol type | IPv4 address, IPv4 CIDR, or the ID of another security group |
Only allow specific IP addresses to remotely connect to ECS
Example Scenario:
To protect an ECS from network attacks, users can change the remote login port number and set security group rules so that only specific IP addresses can remotely log in to the ECS.
How to Configure:
For example, to allow only a specific IP address (e.g. 192.168.20.2) to access port 22 of an ECS running a Linux operating system via the SSH protocol, configure the security group rule as follows:
Protocol | Direction | Port Range | Source Address |
SSH (22) | Inbound | 22 | IPv4 address, IPv4 CIDR, or the ID of another security group. For example: 192.168.20.2 |
Remotely Connect to Linux ECS via SSH
Example Scenario:
After creating a Linux ECS, you can add security group rules to remotely connect to the ECS via SSH.
How to Configure:
Protocol | Direction | Port Range | Source Address |
SSH (22) | Inbound | 22 | 0.0.0.0/0 |
Remotely Connect to Windows ECS via RDP
Example Scenario:
After creating a Windows ECS, you can add security group rules to remotely connect to the ECS via RDP.
How to Configure:
Protocol | Direction | Port Range | Source Address |
RDP (3389) | Inbound | 3389 | 0.0.0.0/0 |
Ping the ECS over Internet
Example Scenario:
After creating an ECS, you need to add a security group rule before you can use ping to test communication between ECSs.
How to Configure:
Protocol | Direction | Port Range | Source Address |
ICMP | Inbound | All | 0.0.0.0/0 |
ECS used as Web server
Example Scenario:
If you deploy a website on the ECS, which is used as the Web server, and you want users to access your website via HTTP or HTTPS services, you need to add the following security group rules to the security group where the ECS is located.
How to Configure:
Protocol | Direction | Port Range | Source Address |
TCP | Inbound | 80 (HTTP) | 0.0.0.0/0 |
TCP | Inbound | 443 (HTTPS) | 0.0.0.0/0 |
ECS used as DNS server
Example Scenario:
If you set up an ECS as the DNS server, you must ensure that TCP and UDP data can reach your DNS server over port 53. You need to add the following security group rules to the security group where the ECS is located.
How to Configure:
Protocol | Direction | Port Range | Source Address |
TCP | Inbound | 53 | 0.0.0.0/0 |
UDP | Inbound | 53 | 0.0.0.0/0 |
Upload or download files using FTP
Example Scenario:
If you need to use FTP software to upload or download files to the ECS, you need to add security group rules.
How to Configure:
You need to install the FTP server program on the ECS first, and then check whether ports 20 and 21 are working properly.
Protocol | Direction | Port Range | Source Address |
FTP | Inbound | 20-21 | 0.0.0.0/0 |
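
An added example, not part of the original page or the provider's tooling: a Python check that takes rules like those in the tables above and reports inbound rules that leave a remote-login port (22 or 3389) open to 0.0.0.0/0, which matches every IPv4 address, so they can be narrowed as in the "Only allow specific IP addresses" scenario. The tuple layout, the rule names and the `sg-example-id` value are assumptions made for illustration; the SSH and RDP rules are written as TCP.

```python
import ipaddress

# Remote-login ports used on this page: SSH (22) and RDP (3389), both TCP.
REMOTE_LOGIN_PORTS = (22, 3389)

def is_any_ipv4(source):
    """True if source is an IPv4 CIDR with prefix length 0 (every address)."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # not an address, e.g. a security group ID
    return net.version == 4 and net.prefixlen == 0

def port_span(port_range):
    """Parse '22', '20-21' or 'All' into an inclusive (low, high) pair."""
    text = port_range.strip().lower()
    if text == "all":
        return (1, 65535)
    low, _, high = text.partition("-")
    return (int(low), int(high or low))

def open_remote_login_rules(rules):
    """Return (name, ports) for inbound rules exposing 22/3389 to any IPv4 source."""
    findings = []
    for name, protocol, direction, ports, source in rules:
        if direction.lower() != "inbound" or protocol.upper() not in ("TCP", "ALL"):
            continue
        low, high = port_span(ports)
        exposed = [p for p in REMOTE_LOGIN_PORTS if low <= p <= high]
        if exposed and is_any_ipv4(source):
            findings.append((name, exposed))
    return findings

# Constructed sample modelled on this page's tables (names are hypothetical).
SAMPLE_RULES = [
    ("ssh-restricted", "TCP", "Inbound", "22", "192.168.20.2"),
    ("ssh-open", "TCP", "Inbound", "22", "0.0.0.0/0"),
    ("rdp-open", "TCP", "Inbound", "3389", "0.0.0.0/0"),
    ("web-https", "TCP", "Inbound", "443", "0.0.0.0/0"),
    ("ping", "ICMP", "Inbound", "All", "0.0.0.0/0"),
    ("intranet", "All", "Inbound", "All", "sg-example-id"),  # placeholder group ID
]

if __name__ == "__main__":
    for name, ports in open_remote_login_rules(SAMPLE_RULES):
        print(f"{name}: port(s) {ports} reachable from any IPv4 address")
```

Rules whose source is a single address or another security group's ID are not reported, which is the configuration the first two scenarios on this page describe.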