sgode/virtual-private-cloud
1
0
Fork 0
forked from docs/virtual-private-cloud
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2023-07-20 02:21:39 +00:00 committed by Hajba, László Antal
parent 4051c527ba
commit 535dec16e2
43 changed files with 792 additions and 632 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
umn/source/_static/images/en-us_image_0000001572300492.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 128 B

12
umn/source/change_history.rst
View File

@ -8,6 +8,18 @@ Change History
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Released On | Description |
+===================================+====================================================================================================================================================================================================================================================================================================================================+
| 2023-07-18 | This release incorporates the following changes: |
| | |
| | Updated the following content: |
| | |
| | Added description about enabling shared SNAT using an API in :ref:`Shared SNAT <vpc_concepts_0010>`. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2023-06-12 | This release incorporates the following changes: |
| | |
| | Updated the following content: |
| | |
| | Added description about viewing monitoring metrics in :ref:`Viewing Metrics <vpc010013>`. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2023-05-26 | This release incorporates the following changes: |
| | |
| | Added the following section: |

2
umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst
View File

@ -67,8 +67,6 @@ Assigning an EIP
| Enterprise Project | The enterprise project that the EIP belongs to. | default |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | |
| | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Bandwidth Name | The name of the bandwidth. | bandwidth |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+

2
umn/source/faq/eips/how_do_i_access_an_ecs_with_an_eip_bound_from_the_internet.rst
View File

@ -7,7 +7,7 @@ How Do I Access an ECS with an EIP Bound from the Internet?
Each ECS is automatically added to a security group after being created to ensure its security. The security group denies access traffic from the Internet by default. To allow external access to ECSs in the security group, add an inbound rule to the security group.
You can set **Protocol** to **TCP**, **UDP**, **ICMP**, or **All** as required on the page for creating a security group rule.
You can set **Protocol** to **TCP**, **UDP**, **ICMP**, **GRE**, or **All** as required on the page for creating a security group rule.
- If your ECS needs to be accessible over the Internet and you know the IP address used to access the ECS, set **Source** to the IP address range containing the IP address.

14
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst
View File

@ -28,7 +28,7 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
| | | | |
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| Basic Information | IPv4 CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| | | | |
| | | The following CIDR blocks are supported: | |
| | | | |
@ -41,8 +41,6 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
| Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default |
| | | | |
| | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | | |
| | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 |
| | | | - Value: vpc-01 |
@ -83,11 +81,11 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
.. table:: **Table 2** VPC tag key and value requirements
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Parameter | Requirements | Example Value |
+=======================+============================================================================+=======================+
+=======================+========================================================================+=======================+
| Key | - Cannot be left blank. | vpc_key1 |
| | - Must be unique for the same VPC and can be the same for different VPCs. | |
| | - Must be unique for each VPC and can be the same for different VPCs. | |
| | - Can contain a maximum of 36 characters. | |
| | - Can contain only the following character types: | |
| | | |
@ -95,7 +93,7 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Value | - Can contain a maximum of 43 characters. | vpc-01 |
| | - Can contain only the following character types: | |
| | | |
@ -103,7 +101,7 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
.. _en-us_topic_0017816228__en-us_topic_0013935842_table6536185812515:

14
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst
View File

@ -38,7 +38,7 @@ Procedure
| | | | |
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| Basic Information | IPv4 CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| | | | |
| | | The following CIDR blocks are supported: | |
| | | | |
@ -51,8 +51,6 @@ Procedure
| Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default |
| | | | |
| | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | | |
| | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 |
| | | | - Value: vpc-01 |
@ -93,11 +91,11 @@ Procedure
.. table:: **Table 2** VPC tag key and value requirements
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Parameter | Requirements | Example Value |
+=======================+============================================================================+=======================+
+=======================+========================================================================+=======================+
| Key | - Cannot be left blank. | vpc_key1 |
| | - Must be unique for the same VPC and can be the same for different VPCs. | |
| | - Must be unique for each VPC and can be the same for different VPCs. | |
| | - Can contain a maximum of 36 characters. | |
| | - Can contain only the following character types: | |
| | | |
@ -105,7 +103,7 @@ Procedure
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Value | - Can contain a maximum of 43 characters. | vpc-01 |
| | - Can contain only the following character types: | |
| | | |
@ -113,7 +111,7 @@ Procedure
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
.. _vpc_qs_0009__en-us_topic_0013935842_table6536185812515:

32
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_2_create_a_subnet_for_the_vpc.rst
View File

@ -37,33 +37,37 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+=============================================================================================================================================================================================================================================+=======================+
+======================================+=============================================================================================================================================================================================================================================+=======================+
| VPC | The VPC for which you want to create a subnet. | ``-`` |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Name | The subnet name. | Subnet |
| | | |
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Gateway | The gateway address of the subnet. | 192.168.0.1 |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Gateway | The gateway address of the subnet. | 192.168.0.1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 |
| | | |
| | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | |
| | | |
| | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 |
| | | - Value: subnet-01 |
| | The tag key and value must meet the requirements listed in :ref:`Table 2 <vpc_qs_0010__en-us_topic_0013748726_table42131827173915>`. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Description | Supplementary information about the subnet. This parameter is optional. | ``-`` |
| | | |
| | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
.. _vpc_qs_0010__en-us_topic_0013748726_table42131827173915:

2
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst
View File

@ -67,8 +67,6 @@ Assigning an EIP
| Enterprise Project | The enterprise project that the EIP belongs to. | default |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | |
| | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Bandwidth Name | The name of the bandwidth. | bandwidth |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+

36
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst
View File

@ -8,11 +8,7 @@ Step 4: Create a Security Group
Scenarios
---------
You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups.
Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group.
You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console.
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. A security group consists of inbound and outbound rules.
Procedure
---------
@ -25,9 +21,13 @@ Procedure
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
#. On the **Security Groups** page, click **Create Security Group**.
The security group list is displayed.
#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 <vpc_qs_0012__en-us_topic_0013748715_table65377617111335>` lists the parameters to be configured.
#. In the upper right corner, click **Create Security Group**.
The **Create Security Group** page is displayed.
#. Configure the parameters as prompted.
.. figure:: /_static/images/en-us_image_0000001197426329.png
@ -35,14 +35,14 @@ Procedure
**Figure 1** Create Security Group
.. _vpc_qs_0012__en-us_topic_0013748715_table65377617111335:
.. table:: **Table 1** Parameter description
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
+=======================+=======================================================================================================================================================================================================================================================+============================+
| Name | The security group name. This parameter is mandatory. | sg-318b |
| Name | Mandatory | sg-AB |
| | | |
| | Enter the security group name. | |
| | | |
| | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
| | | |
@ -50,24 +50,28 @@ Procedure
| | | |
| | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Enterprise Project | When creating a security group, you can add the security group to an enabled enterprise project. | default |
| Enterprise Project | Mandatory | default |
| | | |
| | When creating a security group, you can add the security group to an enabled enterprise project. | |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | |
| | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Template | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | General-purpose web server |
| Template | Mandatory | General-purpose web server |
| | | |
| | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | |
| | | |
| | - **Custom**: This template allows you to create security groups with custom security group rules. | |
| | - **General-purpose web server**: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | |
| | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Description | Supplementary information about the security group. This parameter is optional. | N/A |
| Description | Optional | N/A |
| | | |
| | Supplementary information about the security group. This parameter is optional. | |
| | | |
| | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
#. Click **OK**.
#. Confirm the inbound and outbound rules of the template and click **OK**.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001500905066.png

49
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst
View File

@ -8,14 +8,21 @@ Step 5: Add a Security Group Rule
Scenarios
---------
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, to control inbound and outbound traffic. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC.
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. A security group consists of inbound and outbound rules.
If the rules of the security group associated with your instance cannot meet your requirements, for example, you need to allow inbound traffic on a specified TCP port, you can add an inbound rule.
Like whitelists, security group rules work as follows:
- Inbound rules control incoming traffic to cloud resources in the security group.
- Outbound rules control outgoing traffic from cloud resources in the security group.
- Inbound rules control incoming traffic to instances in the security group. If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
For details about the default security group rules, see :ref:`Default Security Groups and Security Group Rules <securitygroup_0003>`. For details about security group rule configuration examples, see :ref:`Security Group Configuration Examples <en-us_topic_0081124350>`.
Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
- Outbound rules control outgoing traffic from instances in the security group. If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
0.0.0.0/0 represents all IPv4 addresses.
::/0 represents all IPv6 addresses.
If the rules of the security group associated with your instance cannot meet your requirements, for example, you need to allow inbound traffic on a specific TCP port, you can add an inbound rule to allow traffic on the TCP port.
Procedure
---------
@ -28,9 +35,17 @@ Procedure
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
#. On the **Security Groups** page, locate the target security group and click **Manage Rule** in the **Operation** column to switch to the page for managing inbound and outbound rules.
The security group list is displayed.
#. On the **Inbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an inbound rule.
#. Locate the row that contains the target security group, click **Manage Rule** in the **Operation** column.
The page for configuring security group rules is displayed.
#. On the **Inbound Rules** tab, click **Add Rule**.
The **Add Inbound Rule** dialog box is displayed.
#. Configure required parameters.
You can click **+** to add more inbound rules.
@ -45,12 +60,12 @@ Procedure
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+==========================================================================================================================================================================+=======================+
| Type | IPv4 | IPv4 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | IPv4 | IPv4 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -68,7 +83,15 @@ Procedure
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule.
#. Click **OK**.
The inbound rule list is displayed.
#. On the **Outbound Rules** tab, click **Add Rule**.
The **Add Outbound Rule** dialog box is displayed.
#. Configure required parameters.
You can click **+** to add more outbound rules.
@ -83,12 +106,12 @@ Procedure
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+=============================================================================================================================================================================+=======================+
| Type | IPv4 | IPv4 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | IPv4 | IPv4 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -106,5 +129,7 @@ Procedure
#. Click **OK**.
The outbound rule list is displayed.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001500905066.png

14
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst
View File

@ -38,7 +38,7 @@ Procedure
| | | | |
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| Basic Information | IPv4 CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| | | | |
| | | The following CIDR blocks are supported: | |
| | | | |
@ -51,8 +51,6 @@ Procedure
| Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default |
| | | | |
| | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | | |
| | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 |
| | | | - Value: vpc-01 |
@ -93,11 +91,11 @@ Procedure
.. table:: **Table 2** VPC tag key and value requirements
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Parameter | Requirements | Example Value |
+=======================+============================================================================+=======================+
+=======================+========================================================================+=======================+
| Key | - Cannot be left blank. | vpc_key1 |
| | - Must be unique for the same VPC and can be the same for different VPCs. | |
| | - Must be unique for each VPC and can be the same for different VPCs. | |
| | - Can contain a maximum of 36 characters. | |
| | - Can contain only the following character types: | |
| | | |
@ -105,7 +103,7 @@ Procedure
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Value | - Can contain a maximum of 43 characters. | vpc-01 |
| | - Can contain only the following character types: | |
| | | |
@ -113,7 +111,7 @@ Procedure
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
.. _vpc_qs_0005__en-us_topic_0013935842_table6536185812515:

32
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_2_create_a_subnet_for_the_vpc.rst
View File

@ -37,33 +37,37 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+=============================================================================================================================================================================================================================================+=======================+
+======================================+=============================================================================================================================================================================================================================================+=======================+
| VPC | The VPC for which you want to create a subnet. | ``-`` |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Name | The subnet name. | Subnet |
| | | |
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Gateway | The gateway address of the subnet. | 192.168.0.1 |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Gateway | The gateway address of the subnet. | 192.168.0.1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 |
| | | |
| | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | |
| | | |
| | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 |
| | | - Value: subnet-01 |
| | The tag key and value must meet the requirements listed in :ref:`Table 2 <vpc_qs_0006__en-us_topic_0013748726_table42131827173915>`. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Description | Supplementary information about the subnet. This parameter is optional. | ``-`` |
| | | |
| | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
.. _vpc_qs_0006__en-us_topic_0013748726_table42131827173915:

36
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_3_create_a_security_group.rst
View File

@ -8,11 +8,7 @@ Step 3: Create a Security Group
Scenarios
---------
You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups.
Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group.
You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console.
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. A security group consists of inbound and outbound rules.
Procedure
---------
@ -25,9 +21,13 @@ Procedure
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
#. On the **Security Groups** page, click **Create Security Group**.
The security group list is displayed.
#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 <vpc_qs_0007__en-us_topic_0013748715_table65377617111335>` lists the parameters to be configured.
#. In the upper right corner, click **Create Security Group**.
The **Create Security Group** page is displayed.
#. Configure the parameters as prompted.
.. figure:: /_static/images/en-us_image_0000001197426329.png
@ -35,14 +35,14 @@ Procedure
**Figure 1** Create Security Group
.. _vpc_qs_0007__en-us_topic_0013748715_table65377617111335:
.. table:: **Table 1** Parameter description
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
+=======================+=======================================================================================================================================================================================================================================================+============================+
| Name | The security group name. This parameter is mandatory. | sg-318b |
| Name | Mandatory | sg-AB |
| | | |
| | Enter the security group name. | |
| | | |
| | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
| | | |
@ -50,24 +50,28 @@ Procedure
| | | |
| | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Enterprise Project | When creating a security group, you can add the security group to an enabled enterprise project. | default |
| Enterprise Project | Mandatory | default |
| | | |
| | When creating a security group, you can add the security group to an enabled enterprise project. | |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | |
| | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Template | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | General-purpose web server |
| Template | Mandatory | General-purpose web server |
| | | |
| | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | |
| | | |
| | - **Custom**: This template allows you to create security groups with custom security group rules. | |
| | - **General-purpose web server**: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | |
| | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Description | Supplementary information about the security group. This parameter is optional. | N/A |
| Description | Optional | N/A |
| | | |
| | Supplementary information about the security group. This parameter is optional. | |
| | | |
| | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
#. Click **OK**.
#. Confirm the inbound and outbound rules of the template and click **OK**.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001500905066.png

49
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst
View File

@ -8,14 +8,21 @@ Step 4: Add a Security Group Rule
Scenarios
---------
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, to control inbound and outbound traffic. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC.
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. A security group consists of inbound and outbound rules.
If the rules of the security group associated with your instance cannot meet your requirements, for example, you need to allow inbound traffic on a specified TCP port, you can add an inbound rule.
Like whitelists, security group rules work as follows:
- Inbound rules control incoming traffic to cloud resources in the security group.
- Outbound rules control outgoing traffic from cloud resources in the security group.
- Inbound rules control incoming traffic to instances in the security group. If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
For details about the default security group rules, see :ref:`Default Security Groups and Security Group Rules <securitygroup_0003>`. For details about security group rule configuration examples, see :ref:`Security Group Configuration Examples <en-us_topic_0081124350>`.
Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
- Outbound rules control outgoing traffic from instances in the security group. If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
0.0.0.0/0 represents all IPv4 addresses.
::/0 represents all IPv6 addresses.
If the rules of the security group associated with your instance cannot meet your requirements, for example, you need to allow inbound traffic on a specific TCP port, you can add an inbound rule to allow traffic on the TCP port.
Procedure
---------
@ -28,9 +35,17 @@ Procedure
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
#. On the **Security Groups** page, locate the target security group and click **Manage Rule** in the **Operation** column to switch to the page for managing inbound and outbound rules.
The security group list is displayed.
#. On the **Inbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an inbound rule.
#. Locate the row that contains the target security group, click **Manage Rule** in the **Operation** column.
The page for configuring security group rules is displayed.
#. On the **Inbound Rules** tab, click **Add Rule**.
The **Add Inbound Rule** dialog box is displayed.
#. Configure required parameters.
You can click **+** to add more inbound rules.
@ -45,12 +60,12 @@ Procedure
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+==========================================================================================================================================================================+=======================+
| Type | IPv4 | IPv4 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | IPv4 | IPv4 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -68,7 +83,15 @@ Procedure
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. On the **Outbound Rules** tab, click **Add Rule**. In the displayed dialog box, set required parameters to add an outbound rule.
#. Click **OK**.
The inbound rule list is displayed.
#. On the **Outbound Rules** tab, click **Add Rule**.
The **Add Outbound Rule** dialog box is displayed.
#. Configure required parameters.
You can click **+** to add more outbound rules.
@ -83,12 +106,12 @@ Procedure
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+=============================================================================================================================================================================+=======================+
| Type | IPv4 | IPv4 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | IPv4 | IPv4 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -106,5 +129,7 @@ Procedure
#. Click **OK**.
The outbound rule list is displayed.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001500905066.png

24
umn/source/monitoring/viewing_metrics.rst
View File

@ -8,19 +8,31 @@ Viewing Metrics
Scenarios
---------
View related metrics to see bandwidth and EIP usage information.
You can view the bandwidth and EIP usage on the **Elastic IP and Bandwidth** or **Cloud Eye** console.
You can view the inbound bandwidth, outbound bandwidth, inbound bandwidth usage, outbound bandwidth usage, inbound traffic, and outbound traffic in a specified period.
Procedure
---------
Procedure (**Elastic IP and Bandwidth** Console)
------------------------------------------------
#. Log in to the management console.
#. Click |image1| in the upper left corner and select the desired region and project.
#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
#. On the **EIPs** page, search for the EIP, click **More** in the **Operation** column, and click **View Metric** to view the monitoring metric details.
#. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**.
6. On the **Shared Bandwidths** page, locate the shared bandwidth, click **More** in the **Operation** column, and click **View Metric** to view the monitoring metric details.
Procedure (**Cloud Eye** Console)
---------------------------------
#. Log in to the management console.
2. Click |image1| in the upper left corner and select the desired region and project.
2. Click |image3| in the upper left corner and select the desired region and project.
3. Hover on the upper left corner to display **Service List** and choose **Management & Deployment** > **Cloud Eye**.
4. Click **Cloud Service Monitoring** on the left of the page, and choose **Elastic IP and Bandwidth**.
5. Select the EIP, click **More** in the **Operation** column, and click **View Metric** to view monitoring metric details.
6. Select the shared bandwidth, click **More** in the **Operation** column, and click **View Metric** to view monitoring metric details.
5. Locate the row that contains the target bandwidth or EIP and click **View Metric** in the **Operation** column to check the bandwidth or EIP monitoring information.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001572300492.png
.. |image3| image:: /_static/images/en-us_image_0141273034.png

30
umn/source/permissions_management/creating_a_user_and_granting_vpc_permissions.rst
View File

@ -7,20 +7,20 @@ Creating a User and Granting VPC Permissions
This section describes how to use IAM to implement fine-grained permissions control for your VPC resources. With IAM, you can:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing VPC resources.
- Grant only the permissions required for users to perform a specific task.
- Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing VPC resources.
- Grant users only the permissions required to perform a given task based on their job responsibilities.
- Entrust a cloud account or cloud service to perform efficient O&M on your VPC resources.
If your cloud account does not require individual IAM users, skip this section.
If your cloud account meets your permissions requirements, you can skip this section.
This section describes the procedure for granting permissions (see :ref:`Figure 1 <permission_0003__fig1447123814172>`).
:ref:`Figure 1 <permission_0003__fig1447123814172>` shows the process flow for granting permissions.
Prerequisites
-------------
Learn about the permissions (:ref:`Permissions <overview_permission>`) supported by VPC and choose policies or roles according to your requirements.
Before granting permissions to user groups, learn about permissions (:ref:`Permissions <overview_permission>`) for VPC.
For permissions of other services, see .
To grant permissions for other services, learn about all `permissions <https://docs.otc.t-systems.com/permissions/index.html>`__ supported by IAM.
Process Flow
------------
@ -32,19 +32,13 @@ Process Flow
**Figure 1** Process for granting VPC permissions
#. .. _permission_0003__li8447183891715:
#. On the IAM console, `create a user group and assign permissions to it <https://docs.otc.t-systems.com/usermanual/iam/iam_01_0030.html>`__ (**VPC ReadOnlyAccess** as an example).
`Create a user group and assign permissions to it <https://docs.otc.t-systems.com/usermanual/iam/iam_01_0030.html>`__.
#. `Create an IAM user and add it to the created user group <https://docs.otc.t-systems.com/usermanual/iam/iam_01_0031.html>`__.
Create a user group on the IAM console, and assign the **VPC ReadOnlyAccess** policy to the group.
#. `Log in as the IAM user <https://docs.otc.t-systems.com/usermanual/iam/iam_01_0032.html>`__ and verify permissions.
#. `Create an IAM user and add it to the user group <https://docs.otc.t-systems.com/usermanual/iam/iam_01_0031.html>`__.
In the authorized region, perform the following operations:
Create a user on the IAM console and add the user to the group created in :ref:`1 <permission_0003__li8447183891715>`.
#. `Log in <https://docs.otc.t-systems.com/usermanual/iam/iam_01_0032.html>`__ and verify permissions.
Log in to the VPC console by using the user created in 2, and verify that the user only has read permissions for VPC.
- Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console. If a message appears indicating that you have insufficient permissions to perform the operation, the **VPC ReadOnlyAccess** policy has already taken effect.
- Choose any other service in **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **VPC ReadOnlyAccess** policy has already taken effect.
- Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console. If a message appears indicating that you have insufficient permissions to perform the operation, the **VPC ReadOnlyAccess** policy is in effect.
- Choose another service from **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **VPC ReadOnlyAccess** policy is in effect.

2
umn/source/permissions_management/vpc_custom_policies.rst
View File

@ -29,7 +29,7 @@ Example Custom Policies
"Action": [
"
vpc:vpcs:create
vpc:svpcs:list
vpc:vpcs:list
"
]
}

11
umn/source/route_tables/route_table_overview.rst
View File

@ -8,7 +8,7 @@ Route Table Overview
Route Table
-----------
A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.
A route table contains a set of routes that are used to determine where network traffic from your subnets in a VPC is directed. Each subnet must be associated with a route table. A subnet can only be associated with one route table, but you can associate multiple subnets with the same route table.
Default Route Table and Custom Route Table
------------------------------------------
@ -33,12 +33,9 @@ A route is configured with the destination, next hop type, and next hop to deter
After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other.
- Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20.
- Routes whose destination is a subnet CIDR block.
.. note::
In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address.
- The route destination of 100.64.0.0/10 or 198.19.128.0/20 is used by network services, such as DNS and VPCEP on the cloud.
- The route destination of 127.0.0.0/8 is the local loopback address.
- The route with destination of a subnet CIDR block is used for communication between subnets in a VPC.
- Custom routes: These are routes that you can add, modify, and delete. The destination of a custom route cannot overlap with that of a system route.

6
umn/source/security/differences_between_security_groups_and_firewalls.rst
View File

@ -5,10 +5,10 @@
Differences Between Security Groups and Firewalls
=================================================
You can configure security groups and firewall to increase the security of ECSs in your VPC.
You can configure security groups and firewalls to increase the security of ECSs in your VPC.
- Security groups operate at the ECS level.
- firewalls protect associated subnets and all the resources in the subnets.
- Firewalls protect associated subnets and all the resources in the subnets.
For details, see :ref:`Figure 1 <en-us_topic_0052003963__fig9582182315479>`.
@ -28,7 +28,7 @@ For details, see :ref:`Figure 1 <en-us_topic_0052003963__fig9582182315479>`.
+----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Category | Security Group | Firewall |
+==========+================================================================================================================================================+=============================================================================================================================================================================================================================================================================================================================+
| Targets | Operates at the ECS level. | Operates at the subnet level. |
| Scope | Operates at the ECS level. | Operates at the subnet level. |
+----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Rules | Does not support **Allow** or **Deny** rules. | Supports both **Allow** and **Deny** rules. |
+----------+------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

28
umn/source/security/firewall/adding_a_firewall_rule.rst
View File

@ -36,17 +36,19 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+================================================================================================================================================================================================================================================================+=======================+
| Priority | Priority of firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+========================+===================================================================================================================================================================================================================+=======================+
| Priority | Priority of a firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Status | Status of a firewall. When you add a rule to it, its default status is **Enabled**. | Enabled |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a value from the drop-down list. The value can be **TCP**, **UDP**, **All**, or **ICMP**. If **ICMP** or **All** is selected, you do not need to specify port information. | TCP |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -56,11 +58,11 @@ Procedure
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -70,15 +72,15 @@ Procedure
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **OK**.

8
umn/source/security/firewall/firewall_configuration_examples.rst
View File

@ -15,15 +15,15 @@ This section provides examples for configuring firewalls.
Denying Access from a Specific Port
-----------------------------------
You might want to block TCP 445 to protect against the WannaCry ransomware attacks. You can add a firewall rule to deny all incoming traffic from TCP port 445.
You might want to block TCP port 445 to protect against the WannaCry ransomware attacks. You can add a firewall rule to deny all incoming traffic from TCP port 445.
Firewall Configuration
:ref:`Table 1 <acl_0002__table553618145582>` lists the inbound rule required.
:ref:`Table 1 <acl_0002__table553618145582>` lists the required rules.
.. _acl_0002__table553618145582:
.. table:: **Table 1** firewall rules
.. table:: **Table 1** Firewall rules
+-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------+
| Direction | Action | Protocol | Source | Source Port Range | Destination | Destination Port Range | Description |
@ -51,7 +51,7 @@ Firewall Configuration
.. _acl_0002__table195634095313:
.. table:: **Table 2** firewall rules
.. table:: **Table 2** Firewall rules
+-----------+--------+----------+-----------+-------------------+-------------+------------------------+------------------------------------------------------------------------------------------+
| Direction | Action | Protocol | Source | Source Port Range | Destination | Destination Port Range | Description |

2
umn/source/security/firewall/firewall_overview.rst
View File

@ -42,7 +42,7 @@ By default, each firewall has preset rules that allow the following packets:
- Metadata packets with the destination 169.254.169.254/32 and TCP port number 80, which is used to obtain metadata.
- Packets from CIDR blocks that are reserved for public services (for example, packets with the destination 100.125.0.0/16)
- Packets from CIDR blocks that are reserved for public services (for example, packets with the destination 100.125.0.0/16).
- A firewall denies all traffic in and out of a subnet excepting the preceding packets. :ref:`Table 1 <acl_0001__table1034601475112>` shows the default rules. You cannot modify or delete the default rules.

2
umn/source/security/firewall/modifying_a_firewall.rst
View File

@ -21,7 +21,7 @@ Procedure
5. Locate the target firewall and click its name to switch to the page showing details of that particular firewall.
6. On the displayed page, click |image3| on the right of **Name** and edit the firewall name.
7. Click Y to save the new firewall name.
8. Click |image4| on the right of Description and edit the firewall description.
8. Click |image4| on the right of **Description** and edit the firewall description.
9. Click Y to save the new firewall description.
.. |image1| image:: /_static/images/en-us_image_0141273034.png

28
umn/source/security/firewall/modifying_a_firewall_rule.rst
View File

@ -35,17 +35,19 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+================================================================================================================================================================================================================================================================+=======================+
| Priority | Priority of firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+========================+===================================================================================================================================================================================================================+=======================+
| Priority | Priority of a firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Status | Status of a firewall. When you add a rule to it, its default status is **Enabled**. | Enabled |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a value from the drop-down list. The value can be **TCP**, **UDP**, **All**, or **ICMP**. If **ICMP** or **All** is selected, you do not need to specify port information. | TCP |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -55,11 +57,11 @@ Procedure
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -69,15 +71,15 @@ Procedure
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **Confirm**.

55
umn/source/security/security_group/adding_a_security_group_rule.rst
View File

File diff suppressed because it is too large Load Diff

2
umn/source/security/security_group/changing_the_security_group_of_an_ecs.rst
View File

@ -29,7 +29,7 @@ Procedure
**Figure 1** Change Security Group
#. Select the target NIC and security groups as prompted.
#. Select the target NIC and security groups.
You can select multiple security groups. In such a case, the rules of all the selected security groups will be aggregated to apply on the ECS.

37
umn/source/security/security_group/creating_a_security_group.rst
View File

@ -8,11 +8,12 @@ Creating a Security Group
Scenarios
---------
You can create security groups and add ECSs in a VPC to different security groups to improve ECS access security. We recommend that you allocate ECSs that have different Internet access requirements to different security groups.
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. A security group consists of inbound and outbound rules.
Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system provides a default security group.
Notes and Constraints
---------------------
You have an option to create a new security group for the ECS. This section describes how to create a security group on the management console.
Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system automatically creates a default security group (default) for the ECS. For details about the rules in the default security group, see :ref:`Default Security Groups and Security Group Rules <securitygroup_0003>`.
Procedure
---------
@ -25,9 +26,13 @@ Procedure
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
#. On the **Security Groups** page, click **Create Security Group**.
The security group list is displayed.
#. In the **Create Security Group** area, set the parameters as prompted. :ref:`Table 1 <en-us_topic_0013748715__table65377617111335>` lists the parameters to be configured.
#. In the upper right corner, click **Create Security Group**.
The **Create Security Group** page is displayed.
#. Configure the parameters as prompted.
.. figure:: /_static/images/en-us_image_0000001197426329.png
@ -35,14 +40,14 @@ Procedure
**Figure 1** Create Security Group
.. _en-us_topic_0013748715__table65377617111335:
.. table:: **Table 1** Parameter description
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
+=======================+=======================================================================================================================================================================================================================================================+============================+
| Name | The security group name. This parameter is mandatory. | sg-318b |
| Name | Mandatory | sg-AB |
| | | |
| | Enter the security group name. | |
| | | |
| | The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
| | | |
@ -50,24 +55,28 @@ Procedure
| | | |
| | You can change the security group name after a security group is created. It is recommended that you give each security group a different name. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Enterprise Project | When creating a security group, you can add the security group to an enabled enterprise project. | default |
| Enterprise Project | Mandatory | default |
| | | |
| | When creating a security group, you can add the security group to an enabled enterprise project. | |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | |
| | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Template | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | General-purpose web server |
| Template | Mandatory | General-purpose web server |
| | | |
| | A template comes with default security group rules, helping you quickly create security groups. The following templates are provided: | |
| | | |
| | - **Custom**: This template allows you to create security groups with custom security group rules. | |
| | - **General-purpose web server**: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389. | |
| | - **All ports open**: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks. | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Description | Supplementary information about the security group. This parameter is optional. | N/A |
| Description | Optional | N/A |
| | | |
| | Supplementary information about the security group. This parameter is optional. | |
| | | |
| | The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
#. Click **OK**.
#. Confirm the inbound and outbound rules of the template and click **OK**.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001500905066.png

28
umn/source/security/security_group/fast-adding_security_group_rules.rst
View File

@ -8,7 +8,7 @@ Fast-Adding Security Group Rules
Scenarios
---------
You can add multiple security group rules with different protocols and ports at the same time.
The fast-adding rule function of security groups allows you to quickly add rules with common ports and protocols for remote login, ping tests, common web services, and database services.
Procedure
---------
@ -21,9 +21,17 @@ Procedure
4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
5. On the **Security Groups** page, locate the target security group and click **Manage Rule** in the **Operation** column to switch to the page for managing inbound and outbound rules.
The security group list is displayed.
6. On the **Inbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select the protocols and ports you wish to add all at once.
5. Locate the row that contains the target security group and click **Manage Rule** in the **Operation** column.
The page for configuring security group rules is displayed.
6. On the **Inbound Rules** tab, click **Fast-Add Rule**.
The **Fast-Add Inbound Rule** dialog box is displayed.
7. Configure required parameters.
.. figure:: /_static/images/en-us_image_0211552164.png
@ -56,7 +64,15 @@ Procedure
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. On the **Outbound Rules** tab, click **Fast-Add Rule**. In the displayed dialog box, select required protocols and ports to add multiple rules at a time.
8. Click **OK**.
The inbound rule list is displayed and you can view your added rule.
9. On the **Outbound Rules** tab, click **Fast-Add Rule**.
The **Fast-Add Outbound Rule** dialog box is displayed.
10. Configure required parameters.
.. figure:: /_static/images/en-us_image_0211560998.png
@ -87,7 +103,9 @@ Procedure
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
8. Click **OK**.
11. Click **OK**.
The outbound rule list is displayed and you can view your added rule.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001500905066.png

39
umn/source/security/security_group/importing_and_exporting_security_group_rules.rst
View File

@ -15,17 +15,26 @@ Scenarios
Notes and Constraints
---------------------
- When modifying exported security group rules, you can only modify existing fields in the exported file based on the template and cannot add new fields or modify the field names. Otherwise, the file will fail to be imported.
- Duplicate rules are not allowed.
- The security group rules to be imported must be configured based on the template. Do not add parameters or change existing parameters. Otherwise, the import will fail.
- If a security group rule to be imported is the same as an existing one, the security group rule cannot be imported. You can delete the rule and try again.
Procedure
---------
#. Log in to the management console.
#. Click |image1| in the upper left corner and select the desired region and project.
#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
#. On the **Security Groups** page, click the security group name.
The security group list is displayed.
#. On the security group list, click the name of the target security group.
The security group details page is displayed.
#. Export and import security group rules.
- Click |image3| to export all rules of the current security group to an Excel file.
@ -38,19 +47,19 @@ Procedure
.. table:: **Table 1** Template parameters
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Parameter | Description | Example Value |
+=======================+=============================================================================================================================================================================+=======================+
+=======================+=============================================================================================================================================================================+====================================+
| Direction | The direction in which the security group rule takes effect. | Inbound |
| | | |
| | - Inbound rules control incoming traffic to cloud resources in the security group. | |
| | - Outbound rules control outgoing traffic from cloud resources in the security group. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | |
| | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Protocol & Port | **Protocol**: The network protocol. Currently, the value can be **All**, **TCP**, **UDP**, **ICMP**, **GRE**, or others. | TCP |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| | **Port**: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
| | | |
| | - IP address: | |
| | | |
@ -59,13 +68,13 @@ Procedure
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - Security group: sg-A | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001500905066.png

36
umn/source/security/security_group/security_group_overview.rst
View File

@ -12,15 +12,15 @@ A security group is a collection of access control rules for cloud resources, su
Like whitelists, security group rules work as follows:
- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
- Inbound rules control incoming traffic to instances in the security group. If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
- Outbound rules control outgoing traffic from instances in the security group. If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
IPv4 default route: 0.0.0.0/0
0.0.0.0/0 represents all IPv4 addresses.
IPv6 default route: ::/0
::/0 represents all IPv6 addresses.
:ref:`Table 1 <en-us_topic_0073379079__table102261597217>` shows the inbound and outbound rules in security group sg-AB.
@ -28,13 +28,23 @@ Like whitelists, security group rules work as follows:
.. table:: **Table 1** Rules in security group sg-AB
+-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
| Direction | Action | Protocol & Port | Source or Destination | Description |
+===========+========+=================+========================+===========================================================================================================================================+
| Inbound | Allow | All | Source: sg-AB | Allows access requests from security group sg-AB. This rule ensures that instances in the security group can communicate with each other. |
+-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | All | Destination: 0.0.0.0/0 | Allows all requests in the security group to be sent out. |
+-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Direction | Action | Type | Protocol & Port | Source/Destination | Description |
+===========+========+======+=================+===========================+======================================================================================================================================+
| Inbound | Allow | IPv4 | All | Source: sg-AB | This rule allows ECSs in the security group to communicate with each other. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Inbound | Allow | IPv4 | TCP: 22 | Source: 0.0.0.0/0 | This rule allows all IPv4 addresses to access ECSs in the security group over SSH port 22 for remotely logging in to Linux ECSs. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Inbound | Allow | IPv4 | TCP: 3389 | Source: 0.0.0.0/0 | This rule allows all IPv4 addresses to access ECSs in the security group over RDP port 3389 for remotely logging in to Windows ECSs. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Inbound | Allow | IPv4 | TCP: 80 | Source: 10.5.6.30/32 | This rule allows IP address 10.5.6.30 to access ECSs in the security group over port 80. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | IPv4 | All | Destination: 0.0.0.0/0 | This rule allows access from ECSs in the security group to any IPv4 address over any port. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | IPv6 | All | Destination: ::/0 | This rule allows access from ECSs in the security group to any IPv6 address over any port. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | IPv4 | TCP: 80 | Destination: 10.7.6.51/32 | This rule allows access from ECSs in the security group to IP address 10.7.6.51 over port 80. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
The system automatically creates a default security group for each account. If the default security group does not meet your requirements, you can :ref:`modify security group rules <vpc_securitygroup_0005>` or :ref:`create a custom security group <en-us_topic_0013748715>`.
@ -43,9 +53,9 @@ Security Group Basics
- You can associate instances, such as servers and extension NICs, with one or more security groups.
You can change the security groups that are associated with instances, such as servers or extension NICs. By default, when you create an instance, it is associated with the default security group of its VPC unless you specify another security group.
You can also change the security groups that are associated with the instances. By default, when you create an instance, it is associated with the default security group of its VPC unless you specify another security group.
- You need to add security group rules to allow instances in the same security group to communicate with each other.
- You can add security group rules to allow instances in the same security group to communicate with each other.
- Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

32
umn/source/service_overview/basic_concepts/security_group.rst
View File

@ -9,15 +9,15 @@ A security group is a collection of access control rules for cloud resources, su
Like whitelists, security group rules work as follows:
- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
- Inbound rules control incoming traffic to instances in the security group. If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
Unless otherwise specified, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
- Outbound rules control outgoing traffic from instances in the security group. If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
IPv4 default route: 0.0.0.0/0
0.0.0.0/0 represents all IPv4 addresses.
IPv6 default route: ::/0
::/0 represents all IPv6 addresses.
:ref:`Table 1 <vpc_concepts_0005__en-us_topic_0073379079_table102261597217>` shows the inbound and outbound rules in security group sg-AB.
@ -25,10 +25,20 @@ Like whitelists, security group rules work as follows:
.. table:: **Table 1** Rules in security group sg-AB
+-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
| Direction | Action | Protocol & Port | Source or Destination | Description |
+===========+========+=================+========================+===========================================================================================================================================+
| Inbound | Allow | All | Source: sg-AB | Allows access requests from security group sg-AB. This rule ensures that instances in the security group can communicate with each other. |
+-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | All | Destination: 0.0.0.0/0 | Allows all requests in the security group to be sent out. |
+-----------+--------+-----------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------+
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Direction | Action | Type | Protocol & Port | Source/Destination | Description |
+===========+========+======+=================+===========================+======================================================================================================================================+
| Inbound | Allow | IPv4 | All | Source: sg-AB | This rule allows ECSs in the security group to communicate with each other. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Inbound | Allow | IPv4 | TCP: 22 | Source: 0.0.0.0/0 | This rule allows all IPv4 addresses to access ECSs in the security group over SSH port 22 for remotely logging in to Linux ECSs. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Inbound | Allow | IPv4 | TCP: 3389 | Source: 0.0.0.0/0 | This rule allows all IPv4 addresses to access ECSs in the security group over RDP port 3389 for remotely logging in to Windows ECSs. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Inbound | Allow | IPv4 | TCP: 80 | Source: 10.5.6.30/32 | This rule allows IP address 10.5.6.30 to access ECSs in the security group over port 80. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | IPv4 | All | Destination: 0.0.0.0/0 | This rule allows access from ECSs in the security group to any IPv4 address over any port. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | IPv6 | All | Destination: ::/0 | This rule allows access from ECSs in the security group to any IPv6 address over any port. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+
| Outbound | Allow | IPv4 | TCP: 80 | Destination: 10.7.6.51/32 | This rule allows access from ECSs in the security group to IP address 10.7.6.51 over port 80. |
+-----------+--------+------+-----------------+---------------------------+--------------------------------------------------------------------------------------------------------------------------------------+

2
umn/source/service_overview/basic_concepts/shared_snat.rst
View File

@ -16,7 +16,7 @@ The VPC service provides free SNAT function, which allows ECSs to use a limited
**Figure 1** SNAT function
- To enable shared SNAT using the API, set **enable_snat** to **true** by following the instructions provided in **Neutron** > **Routers** > **Update router** in the *Native OpenStack API Reference*.
- To enable shared SNAT using the API, refer to `Updating a Router <https://docs.otc.t-systems.com/virtual-private-cloud/api-ref/native_openstack_neutron_apis_v2.0/router/updating_a_router.html#vpc-router-0004>`__ and set **enable_snat** to **true**.
- To enable shared SNAT on the management console:
#. Log in to the management console.

84
umn/source/service_overview/permissions.rst
View File

File diff suppressed because it is too large Load Diff

3
umn/source/shared_bandwidth/adding_eips_to_a_shared_bandwidth.rst
View File

@ -15,6 +15,7 @@ Notes and Constraints
- After an EIP is added to a shared bandwidth, the original bandwidth used by the EIP will become invalid and the EIP will start to use the shared bandwidth.
- The EIP's original dedicated bandwidth will be deleted.
- If it is a standard shared bandwidth, you can add dynamic BGP EIPs and IPv6 NICs to it. If it is a premium shared bandwidth, you can add premium BGP EIPs and IPv6 NICs to it.
- Do not add EIPs of the dedicated load balancer type (**5_gray**) and other types to the same shared bandwidth. Otherwise, the bandwidth limit policy will not take effect.
Procedure
@ -28,7 +29,7 @@ Procedure
4. In the navigation pane on the left, choose **Elastic IP and Bandwidth** > **Shared Bandwidths**.
5. In the shared bandwidth list, locate the row that contains the shared bandwidth that you want to add EIPs to. In the **Operation** column, choose **Add EIP**, and select the EIPs to be added.
5. In the shared bandwidth list, locate the row that contains the shared bandwidth that you want to add EIPs to. In the **Operation** column, choose **More** > **Add EIP**, and select the EIPs to be added.
.. figure:: /_static/images/en-us_image_0000001211006359.png

4
umn/source/shared_bandwidth/assigning_a_shared_bandwidth.rst
View File

@ -43,11 +43,9 @@ Procedure
| Enterprise Project | The enterprise project that the EIP belongs to. | default |
| | | |
| | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | |
| | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **Create Now**.
#. Click **Assign Now**.
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001454059512.png

4
umn/source/virtual_ip_address/releasing_a_virtual_ip_address.rst
View File

@ -22,7 +22,9 @@ If you want to release a virtual IP address that is being used by a resource, re
+-----------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+
| Prompts | Cause Analysis and Solution |
+===================================================================================================================================+=====================================================================================================================================+
| This operation cannot be performed because the IP address is bound to an instance or an EIP. Unbind the IP address and try again. | This virtual IP address is being by an EIP or an ECS. Unbind the virtual IP address first. |
| This operation cannot be performed because the IP address is bound to an instance or an EIP. Unbind the IP address and try again. | This virtual IP address is being by an EIP or an ECS. |
| | |
| | Unbind the virtual IP address first. |
| | |
| | - EIP: :ref:`Unbinding a Virtual IP Address from an EIP <vpc_vip_0011>` |
| | - ECS: :ref:`Unbinding a Virtual IP Address from an Instance <vpc_vip_0010>` |

32
umn/source/vpc_and_subnet/subnet/creating_a_subnet_for_the_vpc.rst
View File

@ -37,33 +37,37 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+=============================================================================================================================================================================================================================================+=======================+
+======================================+=============================================================================================================================================================================================================================================+=======================+
| VPC | The VPC for which you want to create a subnet. | ``-`` |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Name | The subnet name. | Subnet |
| | | |
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Gateway | The gateway address of the subnet. | 192.168.0.1 |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Gateway | The gateway address of the subnet. | 192.168.0.1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/DNS Server Address | By default, two DNS server addresses are configured. You can change them if necessary. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 |
| | | |
| | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If this parameter is left empty, no IP address of the NTP server is added. | |
| | | |
| | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 |
| | | - Value: subnet-01 |
| | The tag key and value must meet the requirements listed in :ref:`Table 2 <en-us_topic_0013748726__table42131827173915>`. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Advanced Settings/Description | Supplementary information about the subnet. This parameter is optional. | ``-`` |
| | | |
| | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
.. _en-us_topic_0013748726__table42131827173915:

14
umn/source/vpc_and_subnet/subnet/managing_subnet_tags.rst
View File

@ -53,19 +53,13 @@ Procedure
The **Subnets** page is displayed.
#. In the upper right corner of the subnet list, click **Search by Tag**.
#. In the search box above the subnet list, click the search box.
#. Enter the tag key of the subnet to be queried.
a. Click **Tag**.
Both the tag key and value must be specified. The system automatically displays the subnets you are looking for if both the tag key and value are matched.
b. Select the target tags and click **OK**.
#. Click **+** to add another tag key and value.
You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for subnets, the subnets containing all specified tags will be displayed.
#. Click **Search**.
The system displays the subnets you are looking for based on the entered tag keys and values.
The system filters resources based on the tags you select.
**Add, delete, edit, and view tags on the Tags tab of a subnet.**

4
umn/source/vpc_and_subnet/subnet/viewing_and_deleting_resources_in_a_subnet.rst
View File

@ -35,7 +35,7 @@ Procedure
#. On the **Summary** page, view the resources in the subnet.
a. In the **Resources** area, view the ECSs, BMSs, network interfaces, and load balancers in the subnet.
a. In the **VPC Resources** area, view the ECSs, BMSs, network interfaces, and load balancers in the subnet.
b. In the **Networking Components** area, view the NAT gateways in the subnet.
#. Delete resources from the subnet.
@ -63,7 +63,7 @@ Procedure
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+
| Load balancer | You can directly switch to load balancers from the subnet details page. |
| | |
| | a. Click the load balancer quantity in the **Resources** area. |
| | a. Click the load balancer quantity in the **VPC Resources** area. |
| | |
| | The load balancer list is displayed. |
| | |

14
umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst
View File

@ -38,7 +38,7 @@ Procedure
| | | | |
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information | CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| Basic Information | IPv4 CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 |
| | | | |
| | | The following CIDR blocks are supported: | |
| | | | |
@ -51,8 +51,6 @@ Procedure
| Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default |
| | | | |
| | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | |
| | | | |
| | | For details about creating and managing enterprise projects, see the *Enterprise Management User Guide*. | |
+-------------------------------------+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 |
| | | | - Value: vpc-01 |
@ -93,11 +91,11 @@ Procedure
.. table:: **Table 2** VPC tag key and value requirements
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Parameter | Requirements | Example Value |
+=======================+============================================================================+=======================+
+=======================+========================================================================+=======================+
| Key | - Cannot be left blank. | vpc_key1 |
| | - Must be unique for the same VPC and can be the same for different VPCs. | |
| | - Must be unique for each VPC and can be the same for different VPCs. | |
| | - Can contain a maximum of 36 characters. | |
| | - Can contain only the following character types: | |
| | | |
@ -105,7 +103,7 @@ Procedure
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Value | - Can contain a maximum of 43 characters. | vpc-01 |
| | - Can contain only the following character types: | |
| | | |
@ -113,7 +111,7 @@ Procedure
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
.. _en-us_topic_0013935842__table6536185812515:

27
umn/source/vpc_and_subnet/vpc/managing_vpc_tags.rst
View File

@ -16,11 +16,11 @@ A tag consists of a key and value pair. :ref:`Table 1 <vpc_vpc_0004__ted9687ca14
.. table:: **Table 1** VPC tag key and value requirements
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Parameter | Requirements | Example Value |
+=======================+============================================================================+=======================+
+=======================+========================================================================+=======================+
| Key | - Cannot be left blank. | vpc_key1 |
| | - Must be unique for the same VPC and can be the same for different VPCs. | |
| | - Must be unique for each VPC and can be the same for different VPCs. | |
| | - Can contain a maximum of 36 characters. | |
| | - Can contain only the following character types: | |
| | | |
@ -28,7 +28,7 @@ A tag consists of a key and value pair. :ref:`Table 1 <vpc_vpc_0004__ted9687ca14
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
| Value | - Can contain a maximum of 43 characters. | vpc-01 |
| | - Can contain only the following character types: | |
| | | |
@ -36,7 +36,7 @@ A tag consists of a key and value pair. :ref:`Table 1 <vpc_vpc_0004__ted9687ca14
| | - Lowercase letters | |
| | - Digits | |
| | - Special characters, including hyphens (-) and underscores (_) | |
+-----------------------+----------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------+-----------------------+
Procedure
---------
@ -44,24 +44,15 @@ Procedure
**Search for VPCs by tag key and value on the page showing the VPC list.**
#. Log in to the management console.
#. Click |image1| in the upper left corner and select the desired region and project.
#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
#. In the search box above the VPC list, click the search box.
#. In the upper right corner of the VPC list, click **Search by Tag**.
a. Click **Tag**.
#. In the displayed area, enter the tag key and value of the VPC you are looking for.
b. Select the target tags and click **OK**.
Both the tag key and value must be specified. The system automatically displays the VPCs you are looking for if both the tag key and value are matched.
#. Click + to add more tag keys and values.
You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for VPCs, the VPCs containing all specified tags will be displayed.
#. Click **Search**.
The system displays the VPCs you are looking for based on the entered tag keys and values.
The system filters resources based on the tags you select.
**Add, delete, edit, and view tags on the Tags tab of a VPC.**

2
umn/source/vpc_and_subnet/vpc/obtaining_a_vpc_id.rst
View File

@ -25,7 +25,7 @@ Procedure
The VPC details page is displayed.
5. In the **VPC Information area**, view the VPC ID.
5. In the **VPC Information** area, view the VPC ID.
Click |image3| next to ID to copy the VPC ID.

2
umn/source/vpc_peering_connection/creating_a_vpc_peering_connection_with_a_vpc_in_another_account.rst
View File

@ -35,7 +35,7 @@ Notes and Constraints
- For a VPC peering connection between VPCs in different accounts:
- If account A initiates a request to create a VPC peering connection with a VPC in another B, the VPC peering connection takes effect only after account B accepts the request.
- If account A initiates a request to create a VPC peering connection with a VPC in account B, the VPC peering connection takes effect only after account B accepts the request.
- To ensure network security, do not accept VPC peering connections from unknown accounts.
Prerequisites