Security groups

A security group is a logical group of instances that are located in the same region and share the same security requirements. Each ECS instance must belong to at least one security group. You must specify a security group when you create an instance. Instances within the same security group can communicate with each other over the internal network. By default, instances in different security groups cannot communicate over the internal network. You can, however, grant access between two security groups.

For more information about security groups, see Security groups.

Add a security group

You can add a security group and associate it with a workspace. After you associate the security group, all resources in that security group automatically belong to the workspace.

Prerequisites

If you want to create a VPC security group, you must have an active VPC and virtual switch. For more information, see Create a VPC.

Procedure

  1. Log on to the SOFAStack console. In the navigation pane on the left, click Global Settings to open the workspace page.

  2. Click the card for the workspace that you want to manage to open the Workspace Details page.

  3. On the Resources page, click Security Group > Add Security Group.

  4. In the Add Security Group dialog box, set the parameters for the security group and then click OK.

    | Configuration | Description |
    | --- | --- |
    | Security group name | Enter a name for the security group. The name must be 2 to 128 characters in length. It can contain letters, digits, hyphens (-), and periods (.). It must start with a letter. |
    | Description | The description can be 2 to 256 characters in length. It cannot start with http:// or https://. |
    | Rules | The security group rules. Click Add Rule to add rules. For more information, see Add a security group rule. |

Delete a security group

You can delete security groups that you no longer need.

Prerequisites

Ensure that the security group you want to delete does not contain any ECS instances. If it does, you must first move them out of the group.

Procedure

  1. Log on to the SOFAStack console. In the navigation pane on the left, click Global Settings to open the workspace page.

  2. Click the card for the workspace that you want to manage to open the Workspace Details page.

  3. On the Resources page, click Security Group. Find the security group that you want to delete and then click Delete > Confirm.

    When you delete a security group, all its rules are also deleted.

Add a security group rule

You can add security group rules to allow or deny public or private network access for ECS instances in a security group.

Prerequisites

A security group has been created.

Procedure

  1. Log on to the SOFAStack console. In the navigation pane on the left, click Global Settings to open the workspace page.

  2. Click the card for the workspace that you want to manage to open the Workspace Details page.

  3. On the Resources page, click Security Group.

  4. Click the expand icon next to the name of the security group to which you want to add a rule.

  5. In the expanded area, click Add Rule.

  6. In the dialog box that appears, set the parameters for the rule and then click OK.

    | Configuration | Description |
    | --- | --- |
    | NIC Type | For security groups in a VPC, only Internal Network is supported. |
    | Rule Direction | Outbound: Controls traffic from your ECS instances to other ECS instances on the internal network or to resources on the public network. Inbound: Controls traffic to your ECS instances from other ECS instances on the internal network or from resources on the public network. |
    | Protocol Type | The default value is ALL. Supported protocol types: TCP, UDP, GRE, ICMP, and ALL. For the relationship between port ranges and protocol types, see Add a security group rule. |
    | Port Range | The default value is -1/-1, which means all ports. The value range is 1 to 65535. |
    | Access Permissions | Supported permissions are Allow and Deny. |
    | Priority | The default value is 1. The value range is 1 to 100. A smaller value indicates a higher priority. |
    | Source IP Address | The source IP address range. The default value is 0.0.0.0/0. Note: Currently, only IP address ranges in IPv4 format are supported. |
    | Destination IP Address | The destination IP address range. The default value is 0.0.0.0/0. Note: Currently, only IP address ranges in IPv4 format are supported. |
    | Rule Description | A description of the security group rule. |
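The limits in the two parameter tables above (security group and rule) can be checked before a rule set is entered in the console. The following Python linter is an added example, not SOFAStack code: it validates the fields against those limits and flags an inbound Allow rule that keeps the default 0.0.0.0/0 source. The dictionary key names, the ASCII-only reading of "letters", the treatment of an empty description as omitted, and the start <= end check on port ranges are assumptions.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9.-]{1,127}")  # ASCII letters assumed
PROTOCOLS = {"TCP", "UDP", "GRE", "ICMP", "ALL"}
# Constructed sample: an inbound Allow rule left at the documented defaults.
DEFAULT_INBOUND = {"direction": "Inbound", "protocol": "ALL", "ports": "-1/-1",
                   "action": "Allow", "priority": 1, "cidr": "0.0.0.0/0"}

def check_group(name, description=""):
    """Return problems with a group name/description (empty description = omitted)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: 2-128 chars of letters/digits/-/., starting with a letter")
    if description and not 2 <= len(description) <= 256:
        problems.append("description: must be 2-256 chars")
    if description.startswith(("http://", "https://")):
        problems.append("description: must not start with http:// or https://")
    return problems

def parse_ports(port_range):
    """Parse 'start/end'; '-1/-1' is the documented default meaning all ports."""
    if port_range == "-1/-1":
        return 1, 65535
    m = re.fullmatch(r"(\d+)/(\d+)", port_range)
    if not m or not 1 <= int(m[1]) <= int(m[2]) <= 65535:  # start <= end assumed
        raise ValueError(f"ports: bad range {port_range!r}")
    return int(m[1]), int(m[2])

def check_rule(rule):
    """Lint one rule dict (key names are hypothetical) and return findings."""
    findings, ports, net = [], None, None
    if rule["protocol"] not in PROTOCOLS:
        findings.append(f"protocol: unsupported {rule['protocol']!r}")
    if not 1 <= rule["priority"] <= 100:
        findings.append("priority: must be 1-100")
    try:
        ports = parse_ports(rule["ports"])
    except ValueError as exc:
        findings.append(str(exc))
    try:
        net = ipaddress.IPv4Network(rule["cidr"], strict=False)
    except ValueError:
        findings.append("cidr: only IPv4 ranges are supported")
    # Inbound Allow from 0.0.0.0/0 is what the defaults produce: flag it.
    inbound_allow = (rule["direction"], rule["action"]) == ("Inbound", "Allow")
    if inbound_allow and ports and net is not None and net.prefixlen == 0:
        findings.append(f"exposure: inbound Allow from 0.0.0.0/0 on ports {ports[0]}-{ports[1]}")
    return findings
```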

Delete a security group rule

You can delete security group rules that you no longer need.

Prerequisites

Procedure

  1. Log on to the SOFAStack console. In the navigation pane on the left, click Global Settings to open the workspace page.

  2. Click the card for the workspace that you want to manage to open the Workspace Details page.

  3. On the Resources page, click Security Group. Find the security group that contains the rule you want to delete and click its expand icon.

  4. In the expanded area, find the rule that you want to delete and then click Delete > Confirm.