Updated on 2024-06-21 GMT+08:00

Default Security Group and Rules

Note the following when using default security group rules:
  • Inbound rules control incoming traffic to instances in the default security group. The instances can only communicate with each other but cannot be accessed from external networks.
  • Outbound rules allow all traffic from the instances in the default security group to external networks.

Figure 1 shows the default security group.

Figure 1 Default security group
  • You cannot delete the default security group, but you can modify existing rules or add rules to the group.
  • The default security group is automatically created to simplify the process of creating an instance for the first time. The default security group denies all external requests. To log in to an instance, add a security group rule by referring to Remotely Logging In to an ECS from a Local Server.

Table 1 describes the rules in the default security group.

Table 1 Default security group rules

Direction

Protocol

Port/Range

Source/Destination

Description

Outbound

All

All

Destination: 0.0.0.0/0

Allows all outbound traffic.

Inbound

All

All

Source: the current security group (for example, sg-xxxxx)

Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets).

Inbound

TCP

22

Source: 0.0.0.0/0

Allows all IP addresses to access Linux ECSs over SSH.

Inbound

TCP

3389

Source: 0.0.0.0/0

Allows all IP addresses to access Windows ECSs over RDP.