Step 4: Create a Security Group
Scenarios
A security group consists of inbound and outbound rules. You can add security group rules to allow or deny the traffic to reach and leave the instances (such as ECSs) in the security group.
When creating an instance (for example, an ECS), you must associate it with a security group. If no security group has been created yet, a default security group will be created and associated with the instance. You can also create a security group and add inbound and outbound rules to allow specific traffic.
Security Group Templates
|
Template |
Direction |
Protocol/Port/Type |
Source/Destination |
Description |
Application Scenario |
|---|---|---|---|---|---|
|
General-purpose web server |
Inbound |
TCP: 22 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. |
|
|
TCP: 3389 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. |
|||
|
TCP: 80 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. |
|||
|
TCP: 443 (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. |
|||
|
ICMP: All (IPv4) |
0.0.0.0/0 |
Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. |
|||
|
All (IPv4) All (IPv6) |
sg-xxx |
Allows ECSs in the security group to communicate with each other. |
|||
|
Outbound |
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows access from ECSs in the security group to any IP address over any port. |
||
|
All ports open |
Inbound |
All (IPv4) All (IPv6) |
sg-xxx |
Allows ECSs in the security group to communicate with each other. |
Opening all ECS ports in a security group poses security risks. |
|
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows all IP addresses to access ECSs in the security group over any port. |
|||
|
Outbound |
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows access from ECSs in the security group to any IP address over any port. |
||
|
Fast-add rule |
Inbound |
All (IPv4) All (IPv6) |
sg-xxx |
Allows ECSs in the security group to communicate with each other. |
You can select protocols and ports that the inbound rule will apply to. |
|
Custom port and protocol |
0.0.0.0/0 |
Allows all IP addresses to access ECSs in a security group over specified ports (TCP or ICMP) for different purposes. |
|||
|
Outbound |
All (IPv4) All (IPv6) |
0.0.0.0/0 ::/0 |
Allows access from ECSs in the security group to any IP address over any port. |
Procedure
- Log in to the management console.
- Click
in the upper left corner and select the desired region and project. - Click
in the upper left corner and choose Network > Virtual Private Cloud.
The Virtual Private Cloud page is displayed.
- In the navigation pane on the left, choose Access Control > Security Groups.
The security group list is displayed.
- In the upper right corner, click Create Security Group.
The Create Security Group page is displayed.
- Configure the parameters as prompted.
Figure 1 Create Security Group
Table 2 Parameter description Parameter
Description
Example Value
Name
Mandatory
Enter the security group name.
The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces.
NOTE:You can change the security group name after a security group is created. It is recommended that you give each security group a different name.
sg-AB
Enterprise Project
Mandatory
When creating a security group, you can add the security group to an enabled enterprise project.
An enterprise project lets you manage cloud resources and personnel by enterprise project. The default project is default.
For details about creating and managing enterprise projects, see the Enterprise Management User Guide.
default
Template
Mandatory
Several security group templates are provided for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements.
General-purpose web server
Description
Optional
Supplementary information about the security group.
The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).
-
- Confirm the inbound and outbound rules of the template and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
