Creating a Security Group
You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups.
Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group.
You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console.
- Log in to the management console.
- Click in the upper left corner and select the desired region and project.
- On the console homepage, under Networking, click Virtual Private Cloud.
- In the navigation pane on the left, choose Access Control > Security Groups.
- On the Security Groups page, click Create Security Group.
- In the Create Security Group area, set the parameters as prompted. Table 1 lists the parameters to be configured.
Figure 1 Create Security Group
Table 1 Parameter description
A template comes with default security group rules, helping you quickly create security groups. The following templates are provided:
- Custom: This template allows you to create security groups with custom security group rules.
- General-purpose web server: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389.
- All ports open: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks.
General-purpose web server
The security group name. This parameter is mandatory.
The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces.NOTE:
You can change the security group name after a security group is created. It is recommended that you give each security group a different name.
When creating a security group, you can add the security group to an enabled enterprise project.
An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is default.
For details about creating and managing enterprise projects, see the Enterprise Management User Guide.
Supplementary information about the security group. This parameter is optional.
The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).
- Click OK.
- For each security group, you can add rules that control the inbound traffic to ECSs, and a separate set of rules that control the outbound traffic. For details, see Adding a Security Group Rule.
- Each ECS must be associated with at least one security group. You can add an ECS to multiple security groups based on service requirements. For details, see Adding Instances to and Removing Them from a Security Group.
Was this page helpful?Provide feedback
For any further questions, feel free to contact us through the chatbot.Chatbot