Scenario
After a security group has been created, you can add custom inbound and outbound rules to it, according to business needs, when your cloud server needs to communicate with the external network. These rules help protect the cloud server from unauthorized access.
Inbound: Traffic from outside that accesses the ECS covered by the security group rule.
Outbound: Traffic from the ECS covered by the security group rule to instances outside the security group.
The number of security group rules is limited, so you should keep the rules as simple as possible.
Before You Begin
· The cloud server has been created and associated with a security group.
Procedure
1. Log in to the console.
2. Select a region in the upper left corner of the control center page. This example uses East China - East China 1.
3. Select Computing > Elastic Cloud Server to enter the cloud server console.
4. In the list of cloud servers, click the name of the cloud server to which you want to add a security group rule to open its details page.
5. Select the Security Group tab, and in the Security Group list, click the expand symbol to the left of the security group name to expand the security group details, as shown in the following figure:
6. Click the Add Rule button in the upper right corner of the details.
7. On the pop-up page, configure the security group rules and click OK.
This completes the addition of the security group rule. The parameters to configure for a rule are described in the table below:
Parameter | Description | Value Example |
IP Version | IPv4 or IPv6. | IPv4 |
Authorization Policy | Allow or Reject. | Allow |
Priority | Priority of the security group rule, in the range 1-100. The default value is 1, which is the highest priority. The lower the number, the higher the priority. | 1 |
Protocol | Network protocol. Valid values: TCP, UDP, ICMP, All. | TCP |
Port Range | Port range of the security group rule. Valid values: 1~65535. | 22 or 22-30 |
Source/Destination Address | An IP address or a security group. IP address format: xxx.xxx.xxx.xxx/32 (a single IPv4 address) or 0.0.0.0/0 (any address). Security group: the source/destination address refers to another security group, which can be any other security group in the same region of the current account. For example, if instance a is in security group A and instance b is in security group B, an inbound rule on security group A with the policy set to allow and security group B as the source address means that intranet access requests from instance b can reach instance a. In some resource pools a security group can be selected from the source address drop-down box; this depends on what the console displays. | 0.0.0.0/0 |
Description | Description of the security group rule. Optional. |
8. After the rule is added successfully, you can find the added rule in the security group rule details.
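As an added example (not part of the original page or the provider's tooling), the Python below models how the table's Authorization Policy, Priority, Protocol, Port Range and Source Address fields combine for an inbound connection, and lists Allow rules whose source is any address. The class and function names, the sample addresses, the default Reject when no rule matches and the tie-break on equal priority are assumptions; ICMP is not treated specially.

```python
import ipaddress
from dataclasses import dataclass

PROTOCOLS = ("TCP", "UDP", "ICMP", "All")

@dataclass(frozen=True)
class Rule:
    policy: str    # "Allow" or "Reject"
    priority: int  # 1-100; the lower the number, the higher the priority
    protocol: str  # one of PROTOCOLS
    ports: str     # "22" or "22-30"
    source: str    # CIDR block, e.g. "0.0.0.0/0" for any address

    def __post_init__(self):
        # Limits taken from the parameter table above.
        lo, hi = self.port_bounds()
        if self.policy not in ("Allow", "Reject") or self.protocol not in PROTOCOLS:
            raise ValueError("bad policy or protocol")
        if not (1 <= self.priority <= 100 and 1 <= lo <= hi <= 65535):
            raise ValueError("priority must be 1-100 and ports within 1-65535")
        ipaddress.ip_network(self.source)  # raises ValueError on a bad CIDR

    def port_bounds(self):
        lo, _, hi = self.ports.partition("-")
        return int(lo), int(hi or lo)

    def matches(self, protocol, port, src_ip):
        lo, hi = self.port_bounds()
        return (self.protocol in (protocol, "All") and lo <= port <= hi
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source))

def decide(rules, protocol, port, src_ip):
    """Policy of the matching inbound rule with the lowest priority number.
    Assumed, not stated on the page: no match means Reject; on a tie Reject wins."""
    hits = [r for r in rules if r.matches(protocol, port, src_ip)]
    if not hits:
        return "Reject"
    return min(hits, key=lambda r: (r.priority, r.policy != "Reject")).policy

def world_open(rules):
    """Allow rules whose source is any address (prefix length 0)."""
    return [r for r in rules
            if r.policy == "Allow" and ipaddress.ip_network(r.source).prefixlen == 0]

# Constructed sample rules (documentation addresses, not from the page).
RULES = [
    Rule("Allow", 1, "TCP", "22", "203.0.113.10/32"),  # SSH from one admin host
    Rule("Reject", 2, "TCP", "22-30", "0.0.0.0/0"),    # everyone else on 22-30
    Rule("Allow", 10, "TCP", "443", "0.0.0.0/0"),      # public HTTPS
]
```

With these sample rules, SSH is allowed only from the single /32 source, and `world_open(RULES)` returns just the HTTPS rule as the one to review for exposure.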
Related Information
· For some common issues when using security groups, see FAQ Security.
· For details about how to configure security group rules to open common ports on ECS, see Common Ports of Cloud Server.