IP Address Group Overview
What Is an IP Address Group?
Resource |
Description |
Example |
---|---|---|
Security group |
The Source or Destination of a security group rule can be set to IP address group. |
As shown in Figure 1, the inbound rule of security group sg-A uses IP address group ipGroup-A as the source. |
Network ACL |
The Source or Destination of a network ACL is set to IP address group. |
As shown in Figure 1, the inbound rule of network ACL fw-A uses IP address group ipGroup-A as the source. |
Notes
If you have multiple IP addresses with the same security requirements, you can add them to an IP address group and select this IP address group when you configure a rule, to help you manage them in an easier way. When an IP address changes, you only need to change the IP address in the IP address group. Then, the rules in the IP address group change accordingly. You do not need to modify the rules in the security group one by one. This simplifies security group management and improves efficiency. For details, see Using IP Address Groups to Reduce the Number of Security Group Rules.
Constraints
- Security group rules that are associated with an IP address group do not take effect for certain ECSs.
- General computing (S1, C1, and C2 ECSs)
- Memory-optimized (M1 ECSs)
- High-performance computing (H1 ECSs)
- Disk-intensive (D1 ECSs)
- GPU-accelerated (G1 and G2 ECSs)
- Large-memory (E1, E2, and ET2 ECSs)
- If a network ACL rule uses an IP address group:
- Either the source or the destination of an inbound rule can use the IP address group.
- Either the source or the destination of an outbound rule can use the IP address group.
For example, if the source of an inbound rule network ACL is set to an IP address group, the rule destination can only be an IP address.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.