Default Security Groups and Security Group Rules
Your account automatically comes with a default security group (Sys-default). The default security group allows all outbound traffic, denies all inbound traffic, and allows all traffic between ECSs in the group. ECSs in this security group can communicate with each other without any additional rules.
Figure 1 shows the default security group.
- You cannot delete the default security group, but you can modify the rules for the default security group.
- If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs first. For details about VPC connectivity, see Application Scenarios.
Table 1 describes the default rules for the default security group (Sys-default).
| Direction | Protocol | Port/Range | Source/Destination | Description |
|---|---|---|---|---|
| Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic. |
| Inbound | All | All | Source: the current security group (for example, sg-xxxxx) | Allows communication among ECSs within the security group and denies all inbound traffic (incoming data packets). |
| Inbound | TCP | 22 | Source: 0.0.0.0/0 | Allows all IP addresses to access Linux ECSs over SSH. |
| Inbound | TCP | 3389 | Source: 0.0.0.0/0 | Allows all IP addresses to access Windows ECSs over RDP. |
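
The rules in Table 1 can be modeled and audited offline. The following is an added example, not part of the original documentation and not a cloud API: it encodes Table 1 as constructed data, evaluates which inbound traffic the rules admit, and reports management ports open to every address. The field names are assumptions, as is the model that every rule is an allow rule and unmatched traffic is denied.

```python
import ipaddress

# Constructed model of Table 1; field names are assumptions, not a cloud API schema.
DEFAULT_RULES = [
    {"direction": "outbound", "protocol": "all", "ports": "all", "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "all", "ports": "all", "peer": "self"},
    {"direction": "inbound", "protocol": "tcp", "ports": "22", "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": "3389", "peer": "0.0.0.0/0"},
]
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def port_range(spec):
    """Turn 'all', '22' or '8000-8080' into an inclusive (low, high) pair."""
    if spec.lower() == "all":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def covers(rule, protocol, port):
    low, high = port_range(rule["ports"])
    return rule["protocol"] in ("all", protocol) and low <= port <= high


def inbound_allowed(rules, src_ip, protocol, port, src_in_group=False):
    """Assumed allow-list model: traffic passes if any inbound rule matches."""
    for rule in rules:
        if rule["direction"] != "inbound" or not covers(rule, protocol, port):
            continue
        if rule["peer"] == "self":
            if src_in_group:
                return True
        elif ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["peer"]):
            return True
    return False


def world_open_admin_ports(rules):
    """Return (port, service) pairs that an inbound rule opens to every address."""
    findings = []
    for rule in rules:
        if rule["direction"] != "inbound" or rule["peer"] == "self":
            continue
        if ipaddress.ip_network(rule["peer"]).prefixlen != 0:
            continue
        findings += [(p, s) for p, s in sorted(ADMIN_PORTS.items()) if covers(rule, "tcp", p)]
    return findings
```

Running `world_open_admin_ports` on a rule list whose SSH and RDP sources have been narrowed to a specific CIDR block returns an empty list.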