Updated on 2024-12-03 GMT+08:00

Overview

Security Groups

A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can configure access rules that will apply to all cloud resources added to this security group.

When you create a FlexusL instance, the system automatically creates a default security group (sg-default-smb) and associates it with the instance. You can also create a security group based on service requirements and associate it with the instance. An instance can be associated with multiple security groups, and traffic to and from the instance is matched by priority in a descending order.

For more information about security groups, see Security Group.

Security Group Rules

A security group has inbound and outbound rules to control traffic that is allowed to reach or leave the instances associated with the security group.
  • Inbound rules: control traffic to the instances in a security group.
  • Outbound rules: control traffic from the instances in a security group to access external networks.

Each security group has default rules. For details, see Table 1. You can also customize security group rules. For details, see Configuring Security Group Rules for a FlexusL Instance.

Table 1 Default security group rules

Direction

Action

Type

Protocol & Port

Source/Destination

Description

Inbound

Allow

IPv4

All

Source: sg-default-smb

Allows instances in the security group to communicate with each other over IPv4 protocols.

Inbound

Allow

IPv6

All

Allows instances in the security group to communicate with each other over IPv6 protocols.

Outbound

Allow

IPv4

All

Destination: 0.0.0.0/0

Allows access from instances in the security group to any IPv4 address over any port.

Outbound

Allow

IPv6

All

Destination: ::/0

Allows access from instances in the security group to any IPv6 address over any port.

Security Group Constraints

  • By default, you can create up to 100 security groups in your cloud account.
  • By default, you can add up to 50 rules to a security group.
  • For better network performance, you are advised to associate no more than five security groups with a FlexusL instance or supplementary network interface.
  • You can add up to 20 instances to a security group at a time.
  • You can add up to 1,000 instances to a security group.