sgode/virtual-private-cloud
1
0
Fork 0
forked from docs/virtual-private-cloud
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2023-12-07 03:16:40 +00:00
parent 23bf2a98f0
commit 0d97d05836
31 changed files with 444 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
umn/source/_static/images/en-us_image_0000001646961692.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 128 B

BIN
umn/source/_static/images/en-us_image_0129473334.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 10 KiB

28
umn/source/access_control/firewall/adding_a_firewall_rule.rst
View File

@ -43,17 +43,17 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+========================================================================================================================================================================================+=======================+
+========================+==========================================================================================================================================================================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -62,12 +62,14 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **IP address group**: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -76,16 +78,18 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **IP address group**: The destination is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **OK**.

9
umn/source/access_control/firewall/associating_subnets_with_a_firewall.rst
View File

@ -8,12 +8,13 @@ Associating Subnets with a Firewall
Scenarios
---------
You can associate a firewall with a subnet to protect resources in the subnet. After a firewall is associated with a subnet, the firewall denies all traffic to and from the subnet until you add rules to allow traffic.
You can associate a firewall with a subnet to protect resources in the subnet.
Notes and Constraints
---------------------
You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time.
- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time.
- After a firewall is associated with a subnet, the default firewall rules deny all traffic to and from the subnet until you add custom rules to allow traffic. For details, see :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`.
Procedure
---------
@ -32,13 +33,13 @@ Procedure
6. On the displayed page, click the **Associated Subnets** tab.
7. On the **Associated Subnets** page, click **Associate**.
7. On the **Associated Subnets** tab, click **Associate**.
8. On the displayed page, select the subnets to be associated with the firewall, and click **OK**.
.. note::
Subnets with firewalls associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
A subnet with a firewall associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001626734158.png

8
umn/source/access_control/firewall/disassociating_a_subnet_from_a_firewall.rst → umn/source/access_control/firewall/disassociating_subnets_from_a_firewall.rst
View File

@ -2,13 +2,13 @@
.. _vpc_acl_0003:
Disassociating a Subnet from a Firewall
=======================================
Disassociating Subnets from a Firewall
======================================
Scenarios
---------
Disassociate a subnet from a firewall when necessary.
You can disassociate a subnet from its firewall based on your network requirements.
Procedure
---------
@ -33,7 +33,7 @@ Procedure
**Disassociating subnets from a firewall**
Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from a firewall at a time.
Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the firewall at a time.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001675413845.png

4
umn/source/access_control/firewall/index.rst
View File

@ -10,7 +10,7 @@ Firewall
- :ref:`Creating a Firewall <en-us_topic_0051746698>`
- :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`
- :ref:`Associating Subnets with a Firewall <en-us_topic_0051746700>`
- :ref:`Disassociating a Subnet from a Firewall <vpc_acl_0003>`
- :ref:`Disassociating Subnets from a Firewall <vpc_acl_0003>`
- :ref:`Changing the Sequence of a Firewall Rule <vpc_acl_0004>`
- :ref:`Modifying a Firewall Rule <vpc_acl_0005>`
- :ref:`Enabling or Disabling a Firewall Rule <vpc_acl_0006>`
@ -29,7 +29,7 @@ Firewall
creating_a_firewall
adding_a_firewall_rule
associating_subnets_with_a_firewall
disassociating_a_subnet_from_a_firewall
disassociating_subnets_from_a_firewall
changing_the_sequence_of_a_firewall_rule
modifying_a_firewall_rule
enabling_or_disabling_a_firewall_rule

28
umn/source/access_control/firewall/modifying_a_firewall_rule.rst
View File

@ -37,17 +37,17 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+========================================================================================================================================================================================+=======================+
+========================+==========================================================================================================================================================================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -56,12 +56,14 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **IP address group**: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -70,16 +72,18 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **IP address group**: The destination is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **Confirm**.

4
umn/source/access_control/security_group/adding_a_security_group_rule.rst
View File

@ -93,8 +93,6 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
@ -143,8 +141,6 @@ Procedure
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |

69
umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst Normal file
View File

@ -0,0 +1,69 @@
:original_name: SecurityGroup_0005.html
.. _SecurityGroup_0005:
Allowing Common Ports with A Few Clicks
=======================================
Scenarios
---------
You can configure a security group to allow common ports with a few clicks. This function is suitable for the following scenarios:
- Remotely log in to ECSs.
- Use the ping command to test ECS connectivity.
- ECSs functioning as web servers provide website access services.
:ref:`Table 1 <securitygroup_0005__table117828131111>` describes the common ports that can be opened with a few clicks.
.. _securitygroup_0005__table117828131111:
.. table:: **Table 1** Common ports
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| Direction | Protocol & Port & Type | Source/Destination | Description |
+===========+========================+====================+===================================================================================================================================+
| Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 20-21 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over ports 20 and 21 (FTP) for uploading or downloading files. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
Procedure
---------
#. Log in to the management console.
#. Click |image1| in the upper left corner and select the desired region and project.
#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
The **Virtual Private Cloud** page is displayed.
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
The security group list is displayed.
#. In the security group list, click the name of the security group.
The security group details page is displayed.
#. Click the **Inbound Rules** or **Outbound Rules** tab, and then click **Allow Common Ports**.
The **Allow Common Ports** page is displayed.
#. Click **OK**.
After the operation is complete, you can view the added rules in the security group rule list.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001646961692.png

4
umn/source/access_control/security_group/cloning_a_security_group.rst
View File

@ -16,10 +16,6 @@ You can clone a security group in the following scenarios:
- If you need new security group rules, you can clone the original security group as a backup.
- Before you modify security group rules used by a service, you can clone the security group and modify the security group rules in the test environment to ensure that the modified rules work.
.. note::
Security group cloning is not supported now.
Notes and Constraints
---------------------

2
umn/source/access_control/security_group/default_security_group_and_its_rules.rst
View File

@ -5,7 +5,7 @@
Default Security Group and Its Rules
====================================
If you have not created any security group, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:
- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.

2
umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst
View File

@ -72,8 +72,6 @@ Procedure
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+

2
umn/source/access_control/security_group/index.rst
View File

@ -14,6 +14,7 @@ Security Group
- :ref:`Deleting a Security Group <vpc_securitygroup_0008>`
- :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`
- :ref:`Fast-Adding Security Group Rules <securitygroup_0004>`
- :ref:`Allowing Common Ports with A Few Clicks <securitygroup_0005>`
- :ref:`Modifying a Security Group Rule <vpc_securitygroup_0005>`
- :ref:`Replicating a Security Group Rule <vpc_securitygroup_0004>`
- :ref:`Importing and Exporting Security Group Rules <vpc_securitygroup_0007>`
@ -35,6 +36,7 @@ Security Group
deleting_a_security_group
adding_a_security_group_rule
fast-adding_security_group_rules
allowing_common_ports_with_a_few_clicks
modifying_a_security_group_rule
replicating_a_security_group_rule
importing_and_exporting_security_group_rules

4
umn/source/access_control/security_group/security_groups_and_security_group_rules.rst
View File

@ -8,9 +8,9 @@ Security Groups and Security Group Rules
Security Groups
---------------
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group.
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group.
If you have not created any security group yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`.
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`.
Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

10
umn/source/change_history.rst
View File

@ -8,6 +8,16 @@ Change History
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Released On | Description |
+===================================+====================================================================================================================================================================================================================================================================================================================================+
| 2023-11-30 | This release incorporates the following changes: |
| | |
| | - Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2023-11-14 | This release incorporates the following changes: |
| | |
| | Added the following content: |
| | |
| | Added description about allowing common ports with a few clicks in :ref:`Allowing Common Ports with A Few Clicks <securitygroup_0005>`. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2023-10-10 | This release incorporates the following changes: |
| | |
| | - Added the figure for configuring route tables in :ref:`Route Table <en-us_topic_0038263963>`. |

2
umn/source/elastic_ip/managing_eip_tags.rst
View File

@ -49,7 +49,7 @@ Procedure
#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
#. Click the search box and then click **Tag** in the drop-down list.
#. Click the search box above the EIP list.
#. Select the tag key and value of the EIP.

6
umn/source/faq/security/how_do_i_configure_a_security_group_for_multi-channel_protocols.rst
View File

@ -16,9 +16,3 @@ Security Group Configuration
You can configure port 69 and configure data channel ports used by TFTP for the security group. In RFC1350, the TFTP protocol specifies that ports available to data channels range from 0 to 65535. However, not all these ports are used by the TFTP daemon processes of different applications. You can configure a smaller range of ports for the TFTP daemon.
The following figure provides an example of the security group rule configuration if the ports used by data channels range from 60001 to 60100.
.. figure:: /_static/images/en-us_image_0129473334.png
:alt: **Figure 1** Security group rules
**Figure 1** Security group rules

70
umn/source/faq/vpcs_and_subnets/why_cant_i_delete_my_vpcs_and_subnets.rst
View File

@ -75,37 +75,39 @@ Before deleting a VPC, ensure that all subnets in the VPC have been deleted. You
.. table:: **Table 2** Deleting VPCs
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
| Prompts | Cause | Solution |
+===========================================================================================================================+=========================================================================================================================+===============================================================================================================+
| You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
| Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. |
| | | |
| | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. |
| | | |
| | | The route table list is displayed. |
| | | |
| | | #. :ref:`Deleting a Route <vpc_route01_0012>` |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
| | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
| This VPC cannot be deleted because it has associated resources. | The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. |
| | | |
| | - Subnet | - :ref:`Table 1 <vpc_faq_0075__table4284113316400>` |
| | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection <vpc_peering_0003>` |
| | - Custom route table | - :ref:`Deleting a Route Table <vpc_route01_0010>` |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
| Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
| Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. |
| | | |
| | .. important:: | :ref:`Deleting a Security Group <vpc_securitygroup_0008>` |
| | | |
| | NOTICE: | |
| | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
| Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. |
| | | |
| | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP <vpc_eip_0001>` |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| Prompts | Cause | Solution | |
+===========================================================================================================================+=========================================================================================================================+===============================================================================================================+===========================================================+
| You do not have permission to perform this operation. | Your account does not have permissions to delete VPCs. | Contact the account administrator to grant permissions to your account and then delete the VPC. | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| Delete the VPC endpoint service or the route configured for the service from the VPC route table and then delete the VPC. | The VPC route table has custom routes. | Delete the custom routes and then delete the VPC. | |
| | | | |
| | | #. In the VPC list, locate the row that contains the VPC and click the number in the **Route Tables** column. | |
| | | | |
| | | The route table list is displayed. | |
| | | | |
| | | #. :ref:`Deleting a Route <vpc_route01_0012>` | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| | The VPC is being used by a VPC endpoint service. | Search for the VPC endpoint service on the VPC endpoint service console and delete it. | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| This VPC cannot be deleted because it has associated resources. | The VPC is being used by the following resources: | Click the resource name hyperlink as prompted to delete the resource. | |
| | | | |
| | - Subnet | - :ref:`Table 1 <vpc_faq_0075__table4284113316400>` | |
| | - VPC peering connection | - :ref:`Deleting a VPC Peering Connection <vpc_peering_0003>` | |
| | - Custom route table | - :ref:`Deleting a Route Table <vpc_route01_0010>` | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| Delete the VPN gateway that is using the VPC and then delete the VPC. | Delete the VPN gateway that is using the VPC and then delete the VPC. | The VPC is being used by a VPN gateway. | On the VPN console, locate the VPN gateway and delete it. |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. | |
| | | | |
| | .. important:: | :ref:`Deleting a Security Group <vpc_securitygroup_0008>` | |
| | | | |
| | NOTICE: | | |
| | You only need to delete the custom security groups. The default security group does not affect the deletion of VPCs. | | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+
| Release all EIPs in this region and then delete this last VPC. | In the current region, this is the last VPC and there are EIPs. | Release all EIPs and then delete the VPC. | |
| | | | |
| | | :ref:`Unbinding an EIP from an ECS and Releasing the EIP <vpc_eip_0001>` | |
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------+

4
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst
View File

@ -87,8 +87,6 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
@ -137,8 +135,6 @@ Procedure
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |

4
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst
View File

@ -87,8 +87,6 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
@ -137,8 +135,6 @@ Procedure
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |

2
umn/source/permissions_management/vpc_custom_policies.rst
View File

@ -12,7 +12,7 @@ You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
For operation details, see `Creating a Custom Policy <https://docs.otc.t-systems.com/usermanual/iam/en-us_topic_0274187246.html>`__. The following section contains examples of common VPC custom policies.
For operation details, see `Creating a Custom Policy <https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/permissions/creating_a_custom_policy.html>`__. The following section contains examples of common VPC custom policies.
Example Custom Policies
-----------------------

2
umn/source/route_tables/route_tables_and_routes.rst
View File

@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic.
The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic.
Route
-----

2
umn/source/service_overview/basic_concepts/route_table.rst
View File

@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic.
The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic.
Route
-----

2
umn/source/service_overview/basic_concepts/security_group.rst
View File

@ -5,7 +5,7 @@
Security Group
==============
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group.
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group.
Like whitelists, security group rules work as follows:

2
umn/source/service_overview/basic_concepts/vpc_peering_connection.rst
View File

@ -5,7 +5,7 @@
VPC Peering Connection
======================
A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.

206
umn/source/virtual_ip_address/binding_a_virtual_ip_address_to_an_eip_or_ecs.rst
View File

File diff suppressed because it is too large Load Diff

2
umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst
View File

@ -53,7 +53,7 @@ Procedure
The **Virtual Private Cloud** page is displayed.
#. In the search box above the subnet list, click the search box.
#. In the search box above the VPC list, click anywhere in the search box.
Click the tag key and then the value as required. The system filters resources based on the tag you select.

8
umn/source/vpc_flow_log/enabling_or_disabling_vpc_flow_log.rst
View File

@ -8,7 +8,13 @@ Enabling or Disabling VPC Flow Log
Scenarios
---------
After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record traffic data, you can disable the corresponding VPC flow log. The disabled VPC flow log can be enabled again.
After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record flow log data, you can disable the corresponding VPC flow log. A disabled VPC flow log can be enabled again.
Notes and Constraints
---------------------
- After a VPC flow log is enabled, the system starts to collect flow logs in the next log collection period.
- After a VPC flow log is disabled, the system stops collecting flow logs in the next log collection period. Generated flow logs will still be reported.
Procedure
---------

11
umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
View File

@ -14,10 +14,13 @@ This following describes how to create a VPC peering connection between VPC-A in
Procedure:
#. :ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655038__section14616192294815>`
#. :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request <en-us_topic_0046655038__section497322311429>`
#. :ref:`Step 3: Add Routes for the VPC Peering Connection <en-us_topic_0046655038__section519111175712>`
#. :ref:`Step 4: Verify Network Connectivity <en-us_topic_0046655038__section920942154519>`
:ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655038__section14616192294815>`
:ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request <en-us_topic_0046655038__section497322311429>`
:ref:`Step 3: Add Routes for the VPC Peering Connection <en-us_topic_0046655038__section519111175712>`
:ref:`Step 4: Verify Network Connectivity <en-us_topic_0046655038__section920942154519>`
.. figure:: /_static/images/en-us_image_0000001464757610.png

8
umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_another_vpc_in_your_account.rst
View File

@ -14,9 +14,11 @@ This following describes how to create a VPC peering connection between VPC-A an
Procedure:
#. :ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655037__section143383585438>`
#. :ref:`Step 2: Add Routes for the VPC Peering Connection <en-us_topic_0046655037__section19655123018712>`
#. :ref:`Step 3: Verify Network Connectivity <en-us_topic_0046655037__section026312306414>`
:ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655037__section143383585438>`
:ref:`Step 2: Add Routes for the VPC Peering Connection <en-us_topic_0046655037__section19655123018712>`
:ref:`Step 3: Verify Network Connectivity <en-us_topic_0046655037__section026312306414>`
.. figure:: /_static/images/en-us_image_0000001512876289.png

2
umn/source/vpc_peering_connection/vpc_peering_connection_overview.rst
View File

@ -8,7 +8,7 @@ VPC Peering Connection Overview
What Is a VPC Peering Connection?
---------------------------------
A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.