Security Group
A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted. After a security group is created, you can create different access rules for it. These rules apply to every ECS that the security group contains.
Your account automatically comes with a default security group (Sys-default). The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between ECSs in the group. ECSs in this security group can already communicate with each other, so you do not need to add any rules for that.
Figure 1 illustrates how the default security group works.
Table 1 describes the default rules for the default security group.
| Direction | Protocol | Port/Range | Source/Destination | Description |
|---|---|---|---|---|
| Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic. |
| Inbound | All | All | Source: the current security group (for example, sg-xxxxx) | Allows communication among ECSs within the security group and denies all inbound traffic (incoming data packets). |
| Inbound | TCP | 22 | Source: 0.0.0.0/0 | Allows all IP addresses to access Linux ECSs over SSH. |
| Inbound | TCP | 3389 | Source: 0.0.0.0/0 | Allows all IP addresses to access Windows ECSs over RDP. |
You can also create custom security groups and rules as required.
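The rules in Table 1 can be modelled as data and evaluated, which makes it easy to see what the default group admits and which inbound rules are open to every IPv4 address. This is an added example, not code from the original page or from any cloud SDK: the field names and the functions `rule_matches`, `is_allowed` and `world_open_inbound` are hypothetical, and it assumes allow-list semantics (traffic that matches no rule is denied).

```python
import ipaddress

# Table 1 transcribed as data. The field names are this example's own,
# not a cloud API schema; "sg-xxxxx" is the placeholder ID used in Table 1.
DEFAULT_RULES = [
    {"direction": "outbound", "protocol": "all", "ports": None, "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "all", "ports": None, "peer": "sg-xxxxx"},
    {"direction": "inbound", "protocol": "tcp", "ports": (22, 22), "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": (3389, 3389), "peer": "0.0.0.0/0"},
]

def rule_matches(rule, direction, protocol, port, peer_ip, peer_groups=()):
    """Return True if one allow rule covers the described traffic."""
    if rule["direction"] != direction:
        return False
    if rule["protocol"] not in ("all", protocol):
        return False
    if rule["ports"] is not None:
        low, high = rule["ports"]
        if port is None or not low <= port <= high:
            return False
    if rule["peer"].startswith("sg-"):
        # Group reference: the peer must be a member of that security group.
        return rule["peer"] in peer_groups
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule["peer"])

def is_allowed(rules, direction, protocol, port, peer_ip, peer_groups=()):
    """Assumed allow-list semantics: traffic passes only if some rule matches."""
    return any(rule_matches(r, direction, protocol, port, peer_ip, peer_groups)
               for r in rules)

def world_open_inbound(rules):
    """List inbound rules whose source is any IPv4 address (0.0.0.0/0)."""
    return [r for r in rules
            if r["direction"] == "inbound" and r["peer"] == "0.0.0.0/0"]

if __name__ == "__main__":
    # Constructed sample traffic (documentation-range addresses).
    print(is_allowed(DEFAULT_RULES, "inbound", "tcp", 443, "203.0.113.10"))
    print(is_allowed(DEFAULT_RULES, "inbound", "tcp", 443, "192.0.2.5", ("sg-xxxxx",)))
    for r in world_open_inbound(DEFAULT_RULES):
        print("open to 0.0.0.0/0:", r["protocol"], r["ports"])
```

Running `world_open_inbound` over a custom group's rules gives a quick list of the entries to narrow to known source ranges.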
If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. You can use VPC peering connections to enable communication between ECSs in different VPCs so that security groups can control traffic between the ECSs. For details about VPC connectivity, see Application Scenarios.