Updated on 2024-06-13 GMT+08:00

IP Address Group

What Is an IP Address Group?

An IP address group is a collection of IP addresses. It can be associated with security groups and network ACLs to simplify IP address configuration and management.

You can add IP address ranges and IP addresses that need to be managed in a unified manner to an IP address group. An IP address group can work together with different cloud resources. Table 1 lists the resources that can be associated with an IP address group.
Table 1 Resources that can be associated with an IP address group

| Resource | Description | Example |
|---|---|---|
| Security group | The Source or Destination of a security group rule can be set to an IP address group. | As shown in Figure 1, the inbound rule of security group sg-A uses IP address group ipGroup-A as the source. |
| Network ACL | The Source or Destination of a network ACL rule can be set to an IP address group. | As shown in Figure 1, the inbound rule of network ACL fw-A uses IP address group ipGroup-A as the source. |

Figure 1 Using IP address group

Notes

If multiple IP addresses have the same security requirements, you can add them to an IP address group and select that group when you configure a rule, which makes them simpler to manage. When an IP address changes, you only need to change it in the IP address group; the rules that use the IP address group then change accordingly. You do not need to modify the rules in the security group one by one. This simplifies security group management and improves efficiency. For details, see Using IP Address Groups to Reduce the Number of Security Group Rules.

Constraints

  • Security group rules that are associated with an IP address group do not take effect for the following ECSs:
    • General computing (S1, C1, and C2 ECSs)
    • Memory-optimized (M1 ECSs)
    • High-performance computing (H1 ECSs)
    • Disk-intensive (D1 ECSs)
    • GPU-accelerated (G1 and G2 ECSs)
    • Large-memory (E1, E2, and ET2 ECSs)
  • If a network ACL rule uses an IP address group:
    • Either the source or the destination of an inbound rule can use the IP address group, but not both.
    • Either the source or the destination of an outbound rule can use the IP address group, but not both.

    For example, if the source of an inbound network ACL rule is set to an IP address group, the rule destination can only be an IP address.
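
The two constraints above can be checked against an exported inventory before you rely on a rule. The following audit is an added example, not code from the provider: the inventory layout, the `audit` function, the "<series>.<size>" flavor naming and all sample values are assumptions made for illustration.

```python
# Added example: inventory layout and all sample values are constructed assumptions.
# ECS series the Constraints list names as not applying IP-address-group rules.
UNSUPPORTED_SERIES = {"S1", "C1", "C2", "M1", "H1", "D1", "G1", "G2", "E1", "E2", "ET2"}


def audit(groups, sg_rules, acl_rules, ecs_list):
    """Return sorted findings for rules that break the page's constraints."""
    findings = []

    # Network ACL rule: source and destination must not both be IP address groups.
    for rule in acl_rules:
        if rule["source"] in groups and rule["destination"] in groups:
            findings.append(("acl-group-on-both-ends", rule["acl"], rule["direction"]))

    # Security groups holding at least one rule that references an IP address group.
    sgs_using_groups = {
        r["sg"] for r in sg_rules
        if r["source"] in groups or r["destination"] in groups
    }

    # ECSs of a listed series attached to such a security group: rule does not take effect.
    for ecs in ecs_list:
        series = ecs["flavor"].split(".")[0].upper()  # assumed "<series>.<size>" naming
        if series in UNSUPPORTED_SERIES:
            for sg in ecs["security_groups"]:
                if sg in sgs_using_groups:
                    findings.append(("sg-rule-not-enforced", ecs["name"], sg))
    return sorted(findings)


# Constructed sample inventory (names sg-A, fw-A, ipGroup-A follow Figure 1).
GROUPS = {"ipGroup-A": ["192.0.2.0/24", "198.51.100.7"], "ipGroup-B": ["203.0.113.0/28"]}
SG_RULES = [
    {"sg": "sg-A", "direction": "inbound", "source": "ipGroup-A", "destination": None},
    {"sg": "sg-B", "direction": "inbound", "source": "192.0.2.10", "destination": None},
]
ACL_RULES = [
    {"acl": "fw-A", "direction": "inbound", "source": "ipGroup-A", "destination": "10.0.0.5"},
    {"acl": "fw-B", "direction": "outbound", "source": "ipGroup-A", "destination": "ipGroup-B"},
]
ECS_LIST = [
    {"name": "ecs-01", "flavor": "c2.large", "security_groups": ["sg-A"]},
    {"name": "ecs-02", "flavor": "s3.medium", "security_groups": ["sg-A"]},
    {"name": "ecs-03", "flavor": "m1.xlarge", "security_groups": ["sg-B"]},
]

if __name__ == "__main__":
    for finding in audit(GROUPS, SG_RULES, ACL_RULES, ECS_LIST):
        print(finding)
```

An `sg-rule-not-enforced` finding means the ECS needs rules written with plain IP addresses instead of the group, since the group-based rule does not take effect on that series.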