- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Permissions Management
- Elastic IP
- EIP Billing
- EIP Pool
- Shared Bandwidth
- Shared Data Package
- Global EIPs
- Global Internet Gateways
- Global Internet Bandwidths
- Global Connection Bandwidths
- Cloud Eye Monitoring
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- APIs
- API V3
- Native OpenStack Neutron APIs V2.0
- Application Examples
- Permissions Policies and Supported Actions
- Appendix
- SDK Reference
-
FAQs
-
Product Consultation
- Managing Quotas
- How Do I Assign or Retrieve a Specific EIP?
- Why Is an EIP Newly Assigned the Same as the One I Released?
- Can I Buy a Specific EIP?
- Does an EIP Change Over Time?
- Why Can't I Find My Purchased EIP on the Management Console?
- What Is the EIP Assignment Policy?
- Can an EIP Be Used or Migrated Across Accounts?
- How Do I Query the Traffic Usage of My EIP?
- Do I Need to Configure a Shared Data Package for Use After It Is Purchased?
- Can I Change the Dedicated Bandwidth Used by an EIP to a Shared Bandwidth?
- How Many ECSs Can I Bind an EIP To?
- What Are the Differences Between EIP, Private IP Address, and Virtual IP Address?
- What Are the Differences Among a Bandwidth Add-On Package, Shared Data Package, and Shared Bandwidth?
- When Should I Use Premium BGP and Are There Any Limitations on Using Premium BGP?
- Why My EIPs Are Frozen? How Do I Unfreeze My EIPs?
-
Billing and Payments
- How Is an EIP Billed?
- How Do I Change My EIP Billing Mode Between Pay-per-Use and Yearly/Monthly?
- How Do I Change the Billing Option of a Pay-per-Use EIP Between By Bandwidth and By Traffic?
- Why Am I Still Being Billed After My EIP Has Been Unbound or Released?
- When Will I Be Billed for Reservation Price?
-
EIP Binding and Unbinding
- How Do I Access an ECS with an EIP Bound from the Internet?
- How Can I Unbind an Existing EIP from an Instance and Bind Another EIP to the Instance?
- Can I Bind an EIP of an ECS to Another ECS?
- Can I Bind an EIP to a Cloud Resource in Another Region?
- Can Multiple EIPs Be Bound to an ECS?
- What Are the Differences Between Unbinding and Releasing an EIP?
-
Bandwidth
- How Do I Increase a Bandwidth to Be More Than 300 Mbit/s?
- What Bandwidth Types Are Available?
- How Many EIPs Can I Add to Each Shared Bandwidth?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth?
- What Are Inbound Bandwidth and Outbound Bandwidth?
- How Do I Know If My EIP Bandwidth Has Been Exceeded?
- What Are the Differences Between Public Bandwidth and Private Bandwidth?
- Can I Increase a Yearly/Monthly Bandwidth and Decrease It Later?
- What Is the Relationship Between Bandwidth and Upload/Download Rate?
- What Are the Differences Among Static BGP, Dynamic BGP, and Premium BGP?
-
Connectivity
- What Are the Priorities of the Custom Route and EIP If Both Are Configured for an ECS to Enable the ECS to Access the Internet?
- Why Can't My ECS Access the Internet Even After an EIP Is Bound?
- What Should I Do If an EIP Cannot Be Pinged?
- How Do I Unblock an EIP?
- Why Is There Network Jitter or Packet Loss During Cross-Border Communications?
- Why Does the Download Speed of My ECS Is Slow?
-
Product Consultation
- Videos
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Quick Start
-
Elastic IP
- EIP Overview
- Assigning an EIP and Binding It to an ECS
- Assigning an EIP
- Binding an EIP to an Instance
- Unbinding an EIP from an Instance
- Releasing an EIP
- Changing Dedicated Bandwidth Size of an EIP
- Unbinding an EIP from an ECS and Releasing the EIP
- Modifying an EIP Bandwidth
- Exporting EIP Information
- Managing EIP Tags
- Shared Bandwidth
- Monitoring
-
FAQs
-
Product Consultation
- What Is a Quota?
- How Do I Assign or Retrieve a Specific EIP?
- Why Is an EIP Newly Assigned the Same as the One I Released?
- What Are the Differences Between EIP, Private IP Address, and Virtual IP Address?
- Can an EIP That Uses Dedicated Bandwidth Be Changed to Use Shared Bandwidth?
- Can I Bind an EIP to Multiple ECSs?
- What Are the Differences Between the Primary and Extension NICs of ECSs?
- What Is the EIP Assignment Policy?
- Can I Assign a Specific EIP?
- Can a Bandwidth Be Used by Multiple Accounts?
- How Do I Unbind an EIP from an Instance and Bind a New EIP to the Instance?
- Why Can't I Find My Assigned EIP on the Management Console?
- EIP Binding and Unbinding
-
Bandwidth
- What Is the Bandwidth Size Range?
- How Do I Increase a Bandwidth to Be More Than 300 Mbit/s?
- What Bandwidth Types Are Available?
- Is There a Limit to the Number of EIPs That Can Be Added to Each Shared Bandwidth?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth?
- What Are Inbound Bandwidth and Outbound Bandwidth?
- How Do I Know If My EIP Bandwidth Limit Has Been Exceeded?
- What Are the Differences Between Public Bandwidth and Private Bandwidth?
- What Is the Relationship Between Bandwidth and Upload/Download Rate?
- Connectivity
-
Product Consultation
- Change History
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Quick Start
- EIP
- Shared Bandwidth
- Monitoring
-
FAQs
- Product Consultation
- EIP Binding and Unbinding
-
Bandwidth
- What Is the Bandwidth Size Range?
- What Bandwidth Types Are Available?
- Is There a Limit to the Number of EIPs That Can Be Added to Each Shared Bandwidth?
- What Are the Differences Between a Dedicated Bandwidth and a Shared Bandwidth? Can a Dedicated Bandwidth Be Changed to a Shared Bandwidth or the Other Way Around?
- Connectivity
- Change History
- API Reference (Kuala Lumpur Region)
- User Guide (Ankara Region)
- API Reference (Ankara Region)
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Step 4: Create a Security Group
Scenarios
A security group consists of inbound and outbound rules. You can add security group rules to allow or deny the traffic to reach and leave the instances (such as ECSs) in the security group.
When creating an instance (for example, an ECS), you must associate it with a security group. If no security group has been created yet, a default security group will be created and associated with the instance. You can also create a security group and add inbound and outbound rules to allow specific traffic.
Security Group Templates
Template |
Direction |
Protocol/Port/Type |
Source/Destination |
Description |
Application Scenario |
---|---|---|---|---|---|
General-purpose web server |
Inbound |
TCP: 22 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. |
|
TCP: 3389 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. |
|||
TCP: 80 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. |
|||
TCP: 443 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. |
|||
ICMP: All (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. |
|||
All (IPv4) All (IPv6) |
sg-xxx |
Allows ECSs in the security group to communicate with each other. |
|||
Outbound |
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows access from ECSs in the security group to any IP address over any port. |
||
All ports open |
Inbound |
All (IPv4) All (IPv6) |
sg-xxx |
Allows ECSs in the security group to communicate with each other. |
Opening all ECS ports in a security group poses security risks. |
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows all IP addresses to access ECSs in the security group over any port. |
|||
Outbound |
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows access from ECSs in the security group to any IP address over any port. |
||
Fast-add rule |
Inbound |
All (IPv4) All (IPv6) |
sg-xxx |
Allows ECSs in the security group to communicate with each other. |
You can select protocols and ports that the inbound rule will apply to. |
Custom port and protocol |
0.0.0.0/0 |
Allows all IP addresses to access ECSs in a security group over specified ports (TCP or ICMP) for different purposes. |
|||
Outbound |
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows access from ECSs in the security group to any IP address over any port. |
Procedure
- Log in to the management console.
- Click
in the upper left corner and select the desired region and project.
- Click
in the upper left corner and choose Network > Virtual Private Cloud.
The Virtual Private Cloud page is displayed.
- In the navigation pane on the left, choose Access Control > Security Groups.
The security group list is displayed.
- In the upper right corner, click Create Security Group.
The Create Security Group page is displayed.
- Configure the parameters as prompted.
Figure 1 Create Security Group
Table 2 Parameter description Parameter
Description
Example Value
Name
Mandatory
Enter the security group name.
The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces.
NOTE:
You can change the security group name after a security group is created. It is recommended that you give each security group a different name.
sg-AB
Enterprise Project
Mandatory
When creating a security group, you can add the security group to an enabled enterprise project.
An enterprise project lets you manage cloud resources and personnel by enterprise project. The default project is default.
For details about creating and managing enterprise projects, see the Enterprise Management User Guide.
default
Template
Mandatory
Several security group templates are provided for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements.
General-purpose web server
Description
Optional
Supplementary information about the security group.
The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).
-
- Confirm the inbound and outbound rules of the template and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot