Updated on 2024-04-11 GMT+08:00

Default Security Group and Rules

If you have not created any security groups, a default security group is created automatically, and the instance is associated with it when you create the instance. Note the following when using the default security group:

Default Security Group Rules

Note the following when using default security group rules:
  • Inbound rules control incoming traffic to instances in the default security group. The instances can only communicate with each other but cannot be accessed from external networks.
  • Outbound rules allow all traffic from the instances in the default security group to external networks.

Figure 1 Default security group

Table 1 describes the default rules for the default security group.

Table 1 Default security group rules

| Direction | Protocol | Port/Range | Source/Destination | Description |
|---|---|---|---|---|
| Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic. |
| Inbound | All | All | Source: the current security group (for example, sg-xxxxx) | Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets). |
| Inbound | TCP | 22 | Source: 0.0.0.0/0 | Allows all IP addresses to access Linux ECSs over SSH. |
| Inbound | TCP | 3389 | Source: 0.0.0.0/0 | Allows all IP addresses to access Windows ECSs over RDP. |