Default Security Groups and Rules
Default Security Group Rules
- Inbound rules control incoming traffic to instances in the default security group. The instances can communicate with each other but cannot be accessed from external networks.
- Outbound rules allow all traffic from the instances in the default security group to external networks.
Figure 1 shows the default security group.
Table 1 describes the default security group rules.
Direction | Action | Type | Protocol & Port | Source/Destination | Description |
---|---|---|---|---|---|
Inbound | Allow | IPv4 | All | Source: default security group (default) | Allows IPv4 instances in the security group to communicate with each other using any protocol over any port. |
Inbound | Allow | IPv6 | All | Source: default security group (default) | Allows IPv6 instances in the security group to communicate with each other using any protocol over any port. |
Outbound | Allow | IPv4 | All | Destination: 0.0.0.0/0 | Allows all traffic from the instances in the security group to any IPv4 address over any port. |
Outbound | Allow | IPv6 | All | Destination: ::/0 | Allows all traffic from the instances in the security group to any IPv6 address over any port. |
Sys-FullAccess and Sys-WebServer Security Group Rules
- Add the Sys-WebServer security group.
- Add the Sys-FullAccess security group.
Direction | Action | Type | Protocol & Port | Source/Destination | Description |
---|---|---|---|---|---|
Inbound | Allow | IPv4 | ICMP: All | Source: 0.0.0.0/0 | Allows the use of the ping command to test the network connectivity over IPv4 protocols. |
Inbound | Allow | IPv4 | All | Source: current security group (Sys-WebServer) | Allows instances in the security group to communicate with each other over IPv4 protocols. |
Inbound | Allow | IPv4 | TCP: 443 | Source: 0.0.0.0/0 | Allows all IPv4 addresses to access websites deployed on ECSs over HTTPS. |
Inbound | Allow | IPv4 | TCP: 80 | Source: 0.0.0.0/0 | Allows all IPv4 addresses to access websites deployed on ECSs over HTTP. |
Inbound | Allow | IPv4 | TCP: 22 | Source: 0.0.0.0/0 | Allows all IPv4 addresses to access Linux ECSs over SSH. |
Inbound | Allow | IPv4 | TCP: 3389 | Source: 0.0.0.0/0 | Allows all IPv4 addresses to access Windows ECSs through the default Windows remote desktop. |
Inbound | Allow | IPv6 | All | Source: current security group (Sys-WebServer) | Allows instances in the security group to communicate with each other over IPv6 protocols. |
Outbound | Allow | IPv4 | All | Destination: 0.0.0.0/0 | Allows access from instances in the security group to any IPv4 address over any port. |
Outbound | Allow | IPv6 | All | Destination: ::/0 | Allows access from instances in the security group to any IPv6 address over any port. |

Direction | Action | Type | Protocol & Port | Source/Destination | Description |
---|---|---|---|---|---|
Inbound | Allow | IPv4 | All | Source: current security group (Sys-FullAccess) | Allows instances in the security group to communicate with each other over IPv4 protocols. |
Inbound | Allow | IPv6 | All | Source: current security group (Sys-FullAccess) | Allows instances in the security group to communicate with each other over IPv6 protocols. |
Inbound | Allow | IPv4 | All | Source: 0.0.0.0/0 | Allows all inbound data packets to pass through over IPv4 protocols. |
Inbound | Allow | IPv6 | All | Source: ::/0 | Allows all inbound data packets to pass through over IPv6 protocols. |
Outbound | Allow | IPv4 | All | Destination: 0.0.0.0/0 | Allows access from instances in the security group to any IPv4 address over any port. |
Outbound | Allow | IPv6 | All | Destination: ::/0 | Allows access from instances in the security group to any IPv6 address over any port. |
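
The following is an added example, not part of the original documentation: a short Python audit over the inbound rules transcribed from the three tables on this page, reporting every rule that exposes all ports or a remote-administration port (SSH, RDP) to any address. The `Rule` tuple, the `"self"` marker for a group-internal source, and the choice of which exposures to report are assumptions of this example.

```python
import ipaddress
from collections import namedtuple

# peer is a CIDR block, or "self" when the source is the security group itself
# (the "self" marker is a convention of this example).
Rule = namedtuple("Rule", "group ethertype protocol port peer")

# Inbound rules transcribed from the three tables on this page.
INBOUND = [
    Rule("default", "IPv4", "All", "All", "self"),
    Rule("default", "IPv6", "All", "All", "self"),
    Rule("Sys-WebServer", "IPv4", "ICMP", "All", "0.0.0.0/0"),
    Rule("Sys-WebServer", "IPv4", "All", "All", "self"),
    Rule("Sys-WebServer", "IPv4", "TCP", "443", "0.0.0.0/0"),
    Rule("Sys-WebServer", "IPv4", "TCP", "80", "0.0.0.0/0"),
    Rule("Sys-WebServer", "IPv4", "TCP", "22", "0.0.0.0/0"),
    Rule("Sys-WebServer", "IPv4", "TCP", "3389", "0.0.0.0/0"),
    Rule("Sys-WebServer", "IPv6", "All", "All", "self"),
    Rule("Sys-FullAccess", "IPv4", "All", "All", "self"),
    Rule("Sys-FullAccess", "IPv6", "All", "All", "self"),
    Rule("Sys-FullAccess", "IPv4", "All", "All", "0.0.0.0/0"),
    Rule("Sys-FullAccess", "IPv6", "All", "All", "::/0"),
]

# Remote-administration ports named in the Sys-WebServer table.
ADMIN_PORTS = {"22": "SSH", "3389": "RDP"}


def open_to_any(peer):
    """True when the source is 0.0.0.0/0 or ::/0 (prefix length 0)."""
    return peer != "self" and ipaddress.ip_network(peer).prefixlen == 0


def audit(rules):
    """Return (group, ethertype, finding) for each inbound rule that exposes
    every port or a remote-administration port to any address."""
    findings = []
    for r in rules:
        if not open_to_any(r.peer):
            continue
        if r.protocol == "All":
            findings.append((r.group, r.ethertype, "all protocols and ports"))
        elif r.protocol == "TCP" and r.port in ADMIN_PORTS:
            findings.append((r.group, r.ethertype, f"{ADMIN_PORTS[r.port]} on TCP {r.port}"))
    return findings


if __name__ == "__main__":
    for group, ethertype, finding in audit(INBOUND):
        print(f"{group}: {finding} reachable from any {ethertype} address")
```

The default security group produces no findings because its inbound rules admit only the group itself; narrowing the source of the reported Sys-WebServer and Sys-FullAccess rules to known administrative address ranges clears them.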