Updated on 2023-06-16 GMT+08:00

How Can I Use Security Groups to Prevent ECSs in a VPC From Being Accessed Through a VPN to Implement Security Isolation?

You can configure security groups so that only specific CIDR blocks or ECSs in a VPC can be accessed through a VPN.

Configuration example: Prevent ECSs in VPC subnet 10.1.0.0/24 from accessing on-premises subnet 192.168.1.0/24.

Procedure:

  1. Create security groups 1 and 2.
  2. Configure security group 1 to deny access from subnet 192.168.1.0/24.
  3. Configure security group 2 to allow access from subnet 192.168.1.0/24.
  4. Associate ECSs in subnet 10.1.0.0/24 with security group 1 and associate other ECSs in the VPC with security group 2.
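
To check that the associations in step 4 match the intent, the following added example (not part of the original documentation) audits an ECS inventory against the two security groups. The names `sg-1` and `sg-2`, the inventory, and the rule-evaluation model (a matching deny wins, default deny) are assumptions for illustration.

```python
import ipaddress

ISOLATED = ipaddress.ip_network("10.1.0.0/24")    # VPC subnet from the page
ON_PREM = ipaddress.ip_network("192.168.1.0/24")  # on-premises subnet from the page

# Inbound rules per security group (hypothetical names sg-1 / sg-2).
RULES = {
    "sg-1": [("deny", ON_PREM)],
    "sg-2": [("allow", ON_PREM)],
}

# Constructed inventory: ECS name -> (private IP, associated security groups).
ECS = {
    "app-a": ("10.1.0.10", ["sg-1"]),
    "app-b": ("10.1.0.11", ["sg-1", "sg-2"]),  # isolated ECS also in sg-2
    "app-c": ("10.1.0.12", ["sg-2"]),          # isolated ECS in the wrong group
    "web-a": ("10.1.1.20", ["sg-2"]),
}

def inbound_allowed(groups, src_ip):
    """Assumed model: a matching deny wins, a matching allow admits, default deny."""
    src = ipaddress.ip_address(src_ip)
    actions = {a for g in groups for a, net in RULES[g] if src in net}
    return "deny" not in actions and "allow" in actions

def audit(inventory, probe="192.168.1.50"):
    """Return (ecs, finding) pairs for ECSs in 10.1.0.0/24 that break the isolation."""
    findings = []
    for name, (ip, groups) in sorted(inventory.items()):
        if ipaddress.ip_address(ip) not in ISOLATED:
            continue
        if "sg-1" not in groups:
            findings.append((name, "not associated with sg-1"))
        if "sg-2" in groups:
            # Flagged even when the deny would win: isolation should not
            # depend on rule precedence between the two groups.
            findings.append((name, "associated with sg-2"))
        if inbound_allowed(groups, probe):
            findings.append((name, "reachable from 192.168.1.0/24"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(ECS):
        print(f"{name}: {finding}")
```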