Security Group

Security Group
Like a firewall, a security group is a logical group used to control network access. Add inbound and outbound rules that apply to all Kafka instances associated with a security group.

A security group allows outgoing traffic by default, and the Kafka instances in it can communicate with one another.

The following table describes common protocols and ports used by Kafka instances. You can determine whether to enable the ports as required.

**Table 1** Security group rules
Direction	Protocol	Type	Port	Source	Description
Inbound	TCP	IPv4	9094	IP address or IP address group of the Kafka client	Access a Kafka instance through the public network (without SSL encryption).
Inbound	TCP	IPv4	9092	IP address or IP address group of the Kafka client	Access a Kafka instance within a VPC (without SSL encryption).
Inbound	TCP	IPv6	9192	IP address or IP address group of the Kafka client	Accessing a Kafka instance using IPv6 addresses (without SSL) (private or public network)
Inbound	TCP	IPv4	9095	IP address or IP address group of the Kafka client	Access a Kafka instance through the public network (with SSL encryption).
Inbound	TCP	IPv4	9093	IP address or IP address group of the Kafka client	Access a Kafka instance within a VPC (with SSL encryption).
Inbound	TCP	IPv6	9193	IP address or IP address group of the Kafka client	Accessing a Kafka instance using IPv6 addresses (with SSL) (private or public network)
Inbound	TCP	IPv4	9011	198.19.128.0/17	Access a Kafka instance across VPCs using a VPC endpoint (with or without SSL).
Inbound	TCP	IPv4	9011	IP address or IP address group of the Kafka client	Access a Kafka instance using DNAT (with or without SSL).