Updated on 2023-10-20 GMT+08:00

How Can I Use Security Groups to Prevent VPN Access to Some ECSs in a VPC to Implement Security Isolation?

You can configure security groups so that only specific CIDR blocks or ECSs in a VPC can be accessed through a VPN.

Configuration example: Prevent the customer subnet 192.168.1.0/24 from accessing ECSs in the VPC subnet 10.1.0.0/24.

Procedure:

  1. Create security groups 1 and 2.
  2. Configure security group 1 to deny access from subnet 192.168.1.0/24.
  3. Configure security group 2 to permit access from subnet 192.168.1.0/24.
  4. Associate ECSs in subnet 10.1.0.0/24 with security group 1 and associate other ECSs in the VPC with security group 2.
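
The association in step 4 is where this setup usually goes wrong, so it is worth checking against an inventory export. The following Python is an added example, not Huawei Cloud code: the names `sg-1` and `sg-2`, the ECS names and IP addresses, and the rule-evaluation model (lowest priority number first, deny before allow on a tie, no match means deny) are assumptions made for illustration.

```python
import ipaddress

CUSTOMER = ipaddress.ip_network("192.168.1.0/24")   # customer subnet from the page
PROTECTED = ipaddress.ip_network("10.1.0.0/24")     # VPC subnet to isolate

# Constructed inbound rules: (priority, action, source CIDR).
SECURITY_GROUPS = {
    "sg-1": [(1, "deny", CUSTOMER)],    # step 2
    "sg-2": [(1, "allow", CUSTOMER)],   # step 3
}

# Constructed inventory: ECS name -> (private IP, associated security groups).
ECS_INVENTORY = {
    "ecs-db-01": ("10.1.0.10", ["sg-1"]),
    "ecs-db-02": ("10.1.0.11", ["sg-2"]),           # mistake: wrong group
    "ecs-db-03": ("10.1.0.12", ["sg-1", "sg-2"]),   # mistake: both groups
    "ecs-web-01": ("10.1.1.20", ["sg-2"]),
}

def inbound_allowed(groups, source_ip, rules=SECURITY_GROUPS):
    """Return True if source_ip may reach an ECS associated with `groups`."""
    # Assumed model: rules of all associated groups are merged, the lowest
    # priority number is evaluated first, deny wins a tie, no match is a deny.
    src = ipaddress.ip_address(source_ip)
    merged = sorted(
        (rule for g in groups for rule in rules[g]),
        key=lambda rule: (rule[0], rule[1] != "deny"),
    )
    for _priority, action, cidr in merged:
        if src in cidr:
            return action == "allow"
    return False

def audit(inventory=ECS_INVENTORY, probe="192.168.1.50"):
    """List ECSs in the protected subnet whose association breaks isolation."""
    findings = []
    for name, (ip, groups) in sorted(inventory.items()):
        if ipaddress.ip_address(ip) not in PROTECTED:
            continue
        if inbound_allowed(groups, probe):
            findings.append((name, "reachable from customer subnet"))
        elif "sg-2" in groups:
            findings.append((name, "also associated with sg-2"))
    return findings

if __name__ == "__main__":
    for name, problem in audit():
        print(f"{name}: {problem}")
```

An ECS attached to both groups is reported even though the modeled deny wins, because isolation then depends on rule ordering rather than on the association described in step 4.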