diff --git a/umn/source/_static/images/en-us_image_0000001818823258.png b/umn/source/_static/images/en-us_image_0000001818823258.png deleted file mode 100644 index a3ec979..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001818823258.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001818983038.png b/umn/source/_static/images/en-us_image_0000001818983038.png deleted file mode 100644 index d6154ba..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001818983038.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001865582789.png b/umn/source/_static/images/en-us_image_0000001865582789.png new file mode 100644 index 0000000..92cd504 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865582789.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865582793.png b/umn/source/_static/images/en-us_image_0000001865582793.png new file mode 100644 index 0000000..0587b67 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865582793.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865662813.png b/umn/source/_static/images/en-us_image_0000001865662813.png new file mode 100644 index 0000000..9c32482 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865662813.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865674836.png b/umn/source/_static/images/en-us_image_0000001865674836.png new file mode 100644 index 0000000..73149eb Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865674836.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865684752.png b/umn/source/_static/images/en-us_image_0000001865684752.png new file mode 100644 index 0000000..fed32d8 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865684752.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865828728.png b/umn/source/_static/images/en-us_image_0000001865828728.png new file mode 100644 index 0000000..e308d67 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865828728.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865833004.png b/umn/source/_static/images/en-us_image_0000001865833004.png new file mode 100644 index 0000000..d67dfd8 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865833004.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865837676.png b/umn/source/_static/images/en-us_image_0000001865837676.png new file mode 100644 index 0000000..267f2de Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865837676.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865884494.png b/umn/source/_static/images/en-us_image_0000001865884494.png new file mode 100644 index 0000000..eaa0302 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865884494.png differ diff --git a/umn/source/_static/images/en-us_image_0000001865898552.png b/umn/source/_static/images/en-us_image_0000001865898552.png new file mode 100644 index 0000000..5aa7f83 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001865898552.png differ diff --git a/umn/source/_static/images/en-us_image_0000001866046474.png b/umn/source/_static/images/en-us_image_0000001866046474.png new file mode 100644 index 0000000..8bbd514 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001866046474.png differ diff --git a/umn/source/_static/images/en-us_image_0000001866063864.png b/umn/source/_static/images/en-us_image_0000001866063864.png new file mode 100644 index 0000000..51d37f5 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001866063864.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911771617.png b/umn/source/_static/images/en-us_image_0000001911771617.png new file mode 100644 index 0000000..51d37f5 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911771617.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911842313.png b/umn/source/_static/images/en-us_image_0000001911842313.png new file mode 100644 index 0000000..a93b49a Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911842313.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911849797.png b/umn/source/_static/images/en-us_image_0000001911849797.png new file mode 100644 index 0000000..53e6dfa Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911849797.png differ diff --git a/umn/source/_static/images/en-us_image_0000001911853289.png b/umn/source/_static/images/en-us_image_0000001911853289.png new file mode 100644 index 0000000..e2ad780 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001911853289.png differ diff --git a/umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst b/umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst index cc23223..946272d 100644 --- a/umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst +++ b/umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst @@ -27,5 +27,11 @@ Procedure 6. On the displayed page, click the **Inbound Rules**, **Outbound Rules**, and **Associated Subnets** tabs one by one to view details about inbound rules, outbound rules, and subnet associations. + + .. figure:: /_static/images/en-us_image_0000001865684752.png + :alt: **Figure 1** Viewing a firewall + + **Figure 1** Viewing a firewall + .. |image1| image:: /_static/images/en-us_image_0000001818982734.png .. |image2| image:: /_static/images/en-us_image_0000001865662773.png diff --git a/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst index 7a4af4d..f27cd52 100644 --- a/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst +++ b/umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst @@ -29,5 +29,11 @@ Procedure You can view the security groups associated with the ECS and the inbound and outbound rules. + + .. figure:: /_static/images/en-us_image_0000001911842313.png + :alt: **Figure 1** View the security group of an ECS + + **Figure 1** View the security group of an ECS + .. |image1| image:: /_static/images/en-us_image_0000001818982734.png .. |image2| image:: /_static/images/en-us_image_0000001818982866.png diff --git a/umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst b/umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst index 678c639..9a88e67 100644 --- a/umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst @@ -71,36 +71,36 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. @@ -122,34 +122,34 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The destination is from another security group. You can select a security group in the same region under the current account from the drop-down list. For example, instance A is in security group A and instance B is in security group B. If security group A has an outbound rule with **Action** set to **Allow** and **Destination** set to security group B, access from instance A is allowed to instance B. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. diff --git a/umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst b/umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst index 728565d..9b754de 100644 --- a/umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst @@ -43,34 +43,33 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================+=======================+ - | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | - | | | | - | | - Remote login and ping | | - | | - Web services | | - | | - Databases | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | - IP address group: ipGroup-test | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | (Optional) Supplementary information about the security group rule. | ``-`` | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+==============================================================================================================================================================================+=======================+ + | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | + | | | | + | | - Remote login and ping | | + | | - Web services | | + | | - Databases | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | (Optional) Supplementary information about the security group rule. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ 8. Click **OK**. @@ -90,32 +89,31 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+=======================================================================================================================================================================================================+=======================+ - | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | - | | | | - | | - Remote login and ping | | - | | - Web services | | - | | - Databases | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | - | | | | - | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | - | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | - | | - 0.0.0.0/0 (all IPv4 addresses) | | - | | - sg-abc (security group) | | - | | - IP address group: ipGroup-test | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | (Optional) Supplementary information about the security group rule. | ``-`` | - | | | | - | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+=================================================================================================================================================================================+=======================+ + | Protocols and Ports | Common protocols and ports are provided for: | SSH (22) | + | | | | + | | - Remote login and ping | | + | | - Web services | | + | | - Databases | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 | + | | | | + | | - xxx.xxx.xxx.xxx/32 (IPv4 address) | | + | | - xxx.xxx.xxx.0/24 (IPv4 address range) | | + | | - 0.0.0.0/0 (all IPv4 addresses) | | + | | - sg-abc (security group) | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | (Optional) Supplementary information about the security group rule. | ``-`` | + | | | | + | | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ 11. Click **OK**. diff --git a/umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst b/umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst index 3794d25..640c9d5 100644 --- a/umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst @@ -53,42 +53,41 @@ Procedure .. table:: **Table 1** Template parameters - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+====================================+ - | Direction | The direction in which the security group rule takes effect. | Inbound | - | | | | - | | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | | - | | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | - **IP address group**: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ - | Description | (Optional) Supplementary information about the security group rule. | ``-`` | - | | | | - | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+====================================+ + | Direction | The direction in which the security group rule takes effect. | Inbound | + | | | | + | | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | | + | | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | sg-test[96a8a93f-XXX-d7872990c314] | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | sg-test[96a8a93f-XXX-d7872990c314] | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ + | Description | (Optional) Supplementary information about the security group rule. | ``-`` | + | | | | + | | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+ .. |image1| image:: /_static/images/en-us_image_0000001818982734.png .. |image2| image:: /_static/images/en-us_image_0000001865582585.png diff --git a/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst b/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst index 2599b51..94be088 100644 --- a/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst +++ b/umn/source/access_control/security_group/security_groups_and_security_group_rules.rst @@ -26,7 +26,7 @@ Security Group Basics .. important:: - After a persistent connection is disconnected, new connections will not be established immediately until the timeout period of connection tracking expires. For example, after an ICMP persistent connection is disconnected, a new connection will be established and a new rule will apply when the timeout period (30s) expires. + After a persistent connection is disconnected, new connections will not be established immediately until the timeout period of connection tracking expires. For example, after an ICMP persistent connection is disconnected, a new connection will be established and a new rule will be applied when the timeout period (30s) expires. - The timeout period of connection tracking varies by protocol. The timeout period of a TCP connection in the established state is 600s, and that of an ICMP connection is 30s. For other protocols, if packets are received in both inbound and outbound directions, the connection tracking timeout period is 180s. If packets are received only in one direction, the connection tracking timeout period is 30s. - The timeout period of TCP connections varies by connection status. The timeout period of a TCP connection in the established state is 600s, and that of a TCP connection in the FIN-WAIT state is 30s. @@ -40,46 +40,42 @@ A security group has inbound and outbound rules to control traffic that's allowe .. table:: **Table 1** Security group rule information - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Parameter | Description | - +===================================+=====================================================================================================================================================================================================================================+ - | Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | - | | | - | | - Inbound rules control incoming traffic over specific ports to instances in the security group. | - | | - Outbound rules control outgoing traffic over specific ports from instances in the security group. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: | - | | | - | | - IP address: | - | | | - | | - Example IPv4 address: 192.168.10.10/32 | - | | - Example IPv6 address: 2002:50::44/128 | - | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | - | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | - | | | - | | - Security group: You can select another security group in the same region under the current account as the source. | - | | | - | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. | - | | | - | | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the source to help you manage them in a more simple way. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: | - | | | - | | - IP address: | - | | | - | | - Example IPv4 address: 192.168.10.10/32 | - | | - Example IPv6 address: 2002:50::44/128 | - | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | - | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | - | | | - | | - Security group: You can select another security group in the same region under the current account as the destination. | - | | | - | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. | - | | | - | | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the destination to help you manage them in a more simple way. | - +-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Parameter | Description | + +===================================+========================================================================================================================================================================================================================+ + | Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | + | | | + | | - Inbound rules control incoming traffic over specific ports to instances in the security group. | + | | - Outbound rules control outgoing traffic over specific ports from instances in the security group. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: | + | | | + | | - IP address: | + | | | + | | - Example IPv4 address: 192.168.10.10/32 | + | | - Example IPv6 address: 2002:50::44/128 | + | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | + | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | + | | | + | | - Security group: You can select another security group in the same region under the current account as the source. | + | | | + | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: | + | | | + | | - IP address: | + | | | + | | - Example IPv4 address: 192.168.10.10/32 | + | | - Example IPv6 address: 2002:50::44/128 | + | | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 | + | | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 | + | | | + | | - Security group: You can select another security group in the same region under the current account as the destination. | + | | | + | | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. | + +-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Like whitelists, security group rules work as follows: @@ -130,6 +126,31 @@ Like whitelists, security group rules work as follows: You can use :ref:`VPC peering connections ` to connect VPCs in different regions. +Security Group Configuration Process +------------------------------------ + + +.. figure:: /_static/images/en-us_image_0000001865662813.png + :alt: **Figure 1** Security group configuration process + + **Figure 1** Security group configuration process + +.. table:: **Table 3** Security group configuration process description + + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + | No. | Step | Description | Reference | + +=================+======================================+======================================================================================================================================================================================================================================================================+=================================================================================================+ + | 1 | Create a security group. | When creating a security group, you can select a template, such **General-purpose web server** or **All ports open**. A template contains preset security group rules. For details, see :ref:`Security group templates `. | :ref:`Creating a Security Group ` | + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + | 2 | Configure security group rules. | After a security group is created, if its rules cannot meet your service requirements, you can add new rules to the security group or modify original rules. | :ref:`Adding a Security Group Rule ` | + | | | | | + | | | | :ref:`Fast-Adding Security Group Rules ` | + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + | 3 | Add instances to the security group. | When you create an instance, the system automatically adds the instance to a security group for protection. | :ref:`Adding an Instance to or Removing an Instance from a Security Group ` | + | | | | | + | | | If one security group cannot meet your requirements, you can add an instance to multiple security groups. | | + +-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + Security Group Constraints -------------------------- diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst index 60f070c..683dc21 100644 --- a/umn/source/change_history.rst +++ b/umn/source/change_history.rst @@ -8,6 +8,18 @@ Change History +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Released On | Description | +===================================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ +| 2024-04-25 | This release incorporates the following changes: | +| | | +| | - Modified the procedure for deleting routes for a VPC peering connection between VPCs in different accounts in :ref:`Deleting Routes Configured for a VPC Peering Connection `. | +| | - Modified the figure for creating a route table in :ref:`Creating a Custom Route Table `. | +| | - Modified the figure for adding a custom route in :ref:`Adding a Custom Route `. | +| | - Added descriptions about **Destination Type** in :ref:`Adding a Custom Route ` and :ref:`Modifying a Route `. | +| | - Added descriptions about security group templates in the table "Security group configuration process description" in :ref:`Security Groups and Security Group Rules `. | +| | - Modified descriptions about the security groups in the parameter descriptions in :ref:`Adding a Security Group Rule ` and :ref:`Importing and Exporting Security Group Rules `. | +| | - Added step links in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access ` and :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. | +| | - Added figures for creating and viewing resources. | +| | - Deleted the content related to the IP address groups. | ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2024-04-22 | This release incorporates the following changes: | | | | | | - Added description about security group templates and related operations in :ref:`Creating a Security Group `. | diff --git a/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst index c8bcb14..0015206 100644 --- a/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst +++ b/umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst @@ -131,7 +131,7 @@ After an ECS with an EIP bound is created, the system generates a domain name in You can use any of the following commands to obtain the domain name of an EIP: -- ping -a *EIP* +- ping -an *EIP* - nslookup [-qt=ptr] *EIP* - dig -x *EIP* diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst index cb54a1b..7427416 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst @@ -5,138 +5,6 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs ============================================================== -#. Log in to the management console. - -#. Click |image1| in the upper left corner and select the desired region and project. - -#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**. - - The **Virtual Private Cloud** page is displayed. - -#. Click **Create VPC**. - -#. On the **Create VPC** page, set parameters as prompted. - - A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. - - .. table:: **Table 1** VPC parameter descriptions - - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Category | Parameter | Description | Example Value | - +=====================================+========================+=============================================================================================================================================================================================================================================================+=====================+ - | Basic Information | Region | Select the region nearest to you to ensure the lowest latency possible. | eu-de | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Name | The VPC name. | VPC-001 | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | IPv4 CIDR Block | The CIDR block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset of the CIDR block for the VPC (for multiple subnets in the VPC). | 192.168.0.0/16 | - | | | | | - | | | The following CIDR blocks are supported: | | - | | | | | - | | | 10.0.0.0/8-24 | | - | | | | | - | | | 172.16.0.0/12-24 | | - | | | | | - | | | 192.168.0.0/16-24 | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information | Enterprise Project | The enterprise project to which the VPC belongs. | default | - | | | | | - | | | An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is **default**. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information/Advanced Settings | Tag | The VPC tag, which consists of a key and value pair. You can add a maximum of 20 tags to each VPC. | - Key: vpc_key1 | - | | | | - Value: vpc-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 2 `. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Basic Information/Advanced Settings | Description | Supplementary information about the VPC. This parameter is optional. | N/A | - | | | | | - | | | The VPC description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Name | The subnet name. | Subnet | - | | | | | - | | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` | - | | | | | - | | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Gateway | The gateway address of the subnet. | 192.168.0.1 | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | DNS Server Address | By default, two DNS server addresses are configured. You can change them as required. A maximum of five DNS server addresses can be configured. Multiple IP addresses must be separated using commas (,). | 100.125.x.x | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | NTP Server Address | The IP address of the NTP server. This parameter is optional. | 192.168.2.1 | - | | | | | - | | | You can configure the NTP server IP addresses to be added to the subnet as required. The IP addresses are added in addition to the default NTP server addresses. If you do not specify this parameter, no additional NTP server IP addresses will be added. | | - | | | | | - | | | A maximum of four IP addresses can be configured. Multiple IP addresses must be separated using commas (,). | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Tag | The subnet tag, which consists of a key and value pair. You can add a maximum of 20 tags to each subnet. | - Key: subnet_key1 | - | | | | - Value: subnet-01 | - | | | The tag key and value must meet the requirements listed in :ref:`Table 3 `. | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - | Default Subnet/Advanced Settings | Description | Supplementary information about the subnet. This parameter is optional. | N/A | - | | | | | - | | | The subnet description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ - - .. _en-us_topic_0017816228__en-us_topic_0118498861_table248245914136: - - .. table:: **Table 2** VPC tag key and value requirements - - +-----------------------+------------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+========================================================================+=======================+ - | Key | - Cannot be left blank. | vpc_key1 | - | | - Must be unique for each VPC and can be the same for different VPCs. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+------------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | vpc-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+------------------------------------------------------------------------+-----------------------+ - - .. _en-us_topic_0017816228__en-us_topic_0118498861_table6536185812515: - - .. table:: **Table 3** Subnet tag key and value requirements - - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Parameter | Requirements | Example Value | - +=======================+=====================================================================+=======================+ - | Key | - Cannot be left blank. | subnet_key1 | - | | - Must be unique for each subnet. | | - | | - Can contain a maximum of 36 characters. | | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - | Value | - Can contain a maximum of 43 characters. | subnet-01 | - | | - Can contain only the following character types: | | - | | | | - | | - Uppercase letters | | - | | - Lowercase letters | | - | | - Digits | | - | | - Special characters, including hyphens (-) and underscores (_) | | - +-----------------------+---------------------------------------------------------------------+-----------------------+ - -#. Click **Create Now**. - - :ref:`Overview ` - :ref:`Step 1: Create a VPC ` - :ref:`Step 2: Create a Subnet for the VPC ` @@ -144,8 +12,12 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs - :ref:`Step 4: Create a Security Group ` - :ref:`Step 5: Add a Security Group Rule ` -.. |image1| image:: /_static/images/en-us_image_0000001818982734.png -.. |image2| image:: /_static/images/en-us_image_0000001865663089.png +- :ref:`Overview ` +- :ref:`Step 1: Create a VPC ` +- :ref:`Step 2: Create a Subnet for the VPC ` +- :ref:`Step 3: Assign an EIP and Bind It to an ECS ` +- :ref:`Step 4: Create a Security Group ` +- :ref:`Step 5: Add a Security Group Rule ` .. toctree:: :maxdepth: 1 diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst index 45cf1bd..2bedc57 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst @@ -29,6 +29,12 @@ Procedure A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. figure:: /_static/images/en-us_image_0000001865837676.png + :alt: **Figure 1** Create a VPC and subnet + + **Figure 1** Create a VPC and subnet + .. table:: **Table 1** VPC parameter descriptions +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst index 2a3e4d3..741979c 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst @@ -131,7 +131,7 @@ After an ECS with an EIP bound is created, the system generates a domain name in You can use any of the following commands to obtain the domain name of an EIP: -- ping -a *EIP* +- ping -an *EIP* - nslookup [-qt=ptr] *EIP* - dig -x *EIP* diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst index 8d1886e..80c0e7a 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst @@ -65,36 +65,36 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. @@ -116,34 +116,34 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The destination is from another security group. You can select a security group in the same region under the current account from the drop-down list. For example, instance A is in security group A and instance B is in security group B. If security group A has an outbound rule with **Action** set to **Allow** and **Destination** set to security group B, access from instance A is allowed to instance B. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst index 8f4a5b5..8e660e4 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst @@ -11,6 +11,12 @@ Configuring a VPC for ECSs That Do Not Require Internet Access - :ref:`Step 3: Create a Security Group ` - :ref:`Step 4: Add a Security Group Rule ` +- :ref:`Overview ` +- :ref:`Step 1: Create a VPC ` +- :ref:`Step 2: Create a Subnet for the VPC ` +- :ref:`Step 3: Create a Security Group ` +- :ref:`Step 4: Add a Security Group Rule ` + .. toctree:: :maxdepth: 1 :hidden: diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst index e02b7d5..67d42e6 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst @@ -29,6 +29,12 @@ Procedure A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. figure:: /_static/images/en-us_image_0000001865837676.png + :alt: **Figure 1** Create a VPC and subnet + + **Figure 1** Create a VPC and subnet + .. table:: **Table 1** VPC parameter descriptions +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst index 1e544a0..605931c 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst @@ -65,36 +65,36 @@ Procedure .. table:: **Table 1** Inbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | | - | | | | - | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + | | | | + | | If the source is a security group, this rule will apply to all instances associated with the selected security group. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. @@ -116,34 +116,34 @@ Procedure .. table:: **Table 2** Outbound rule parameter description - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Parameter | Description | Example Value | - +=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+ - | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | - | | | | - | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Type | Source IP address version. You can select: | IPv4 | - | | | | - | | - IPv4 | | - | | - IPv6 | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 | - | | | | - | | - IP address: | | - | | | | - | | - Single IP address: 192.168.10.10/32 | | - | | - All IP addresses: 0.0.0.0/0 | | - | | - IP address range: 192.168.1.0/24 | | - | | | | - | | - **Security group**: The destination is from another security group. You can select a security group in the same region under the current account from the drop-down list. For example, instance A is in security group A and instance B is in security group B. If security group A has an outbound rule with **Action** set to **Allow** and **Destination** set to security group B, access from instance A is allowed to instance B. | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | - | | | | - | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | - +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Parameter | Description | Example Value | + +=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+ + | Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP | + | | | | + | | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Type | Source IP address version. You can select: | IPv4 | + | | | | + | | - IPv4 | | + | | - IPv6 | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 | + | | | | + | | - IP address: | | + | | | | + | | - Single IP address: 192.168.10.10/32 | | + | | - All IP addresses: 0.0.0.0/0 | | + | | - IP address range: 192.168.1.0/24 | | + | | | | + | | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ + | Description | Supplementary information about the security group rule. This parameter is optional. | N/A | + | | | | + | | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | | + +-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ #. Click **OK**. diff --git a/umn/source/monitoring/creating_an_alarm_rule.rst b/umn/source/monitoring/creating_an_alarm_rule.rst index 89a4d13..cfe6898 100644 --- a/umn/source/monitoring/creating_an_alarm_rule.rst +++ b/umn/source/monitoring/creating_an_alarm_rule.rst @@ -23,6 +23,12 @@ Procedure 5. On the **Alarm Rules** page, click **Create Alarm Rule** and set required parameters, or modify an existing alarm rule. + + .. figure:: /_static/images/en-us_image_0000001865898552.png + :alt: **Figure 1** Create an alarm rule + + **Figure 1** Create an alarm rule + 6. After the parameters are set, click **Create**. After the alarm rule is created, the system automatically notifies you if an alarm is triggered for the VPC service. diff --git a/umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst b/umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst index a467fdd..d1d571a 100644 --- a/umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst +++ b/umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst @@ -31,7 +31,7 @@ Procedure 5. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted. - .. figure:: /_static/images/en-us_image_0000001818983038.png + .. figure:: /_static/images/en-us_image_0000001865582789.png :alt: **Figure 1** Create Route Table **Figure 1** Create Route Table diff --git a/umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst b/umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst index 287b79d..94a6de1 100644 --- a/umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst +++ b/umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst @@ -32,7 +32,20 @@ Procedure The route table details page is displayed. a. On the **Summary** tab page, view the basic information and routes of the route table. + + + .. figure:: /_static/images/en-us_image_0000001866063864.png + :alt: **Figure 1** View the basic information and routes of the route table + + **Figure 1** View the basic information and routes of the route table + b. On the **Associated Subnets** tab page, view the subnets associated with the route table. + + .. figure:: /_static/images/en-us_image_0000001911853289.png + :alt: **Figure 2** View the subnets associated with the route table + + **Figure 2** View the subnets associated with the route table + .. |image1| image:: /_static/images/en-us_image_0000001818982734.png .. |image2| image:: /_static/images/en-us_image_0000001865582825.png diff --git a/umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst b/umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst index 0769822..bc69042 100644 --- a/umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst +++ b/umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst @@ -31,9 +31,21 @@ Procedure 6. In the right of the subnet details page, view the route table associated with the subnet. + + .. figure:: /_static/images/en-us_image_0000001911849797.png + :alt: **Figure 1** View the route table associated with a subnet + + **Figure 1** View the route table associated with a subnet + 7. Click the name of the route table. The route table details page is displayed. You can further view the route information. + + .. figure:: /_static/images/en-us_image_0000001911771617.png + :alt: **Figure 2** View the basic information and routes of the route table + + **Figure 2** View the basic information and routes of the route table + .. |image1| image:: /_static/images/en-us_image_0000001818982734.png .. |image2| image:: /_static/images/en-us_image_0000001865582701.png diff --git a/umn/source/route_tables/managing_routes/adding_a_custom_route.rst b/umn/source/route_tables/managing_routes/adding_a_custom_route.rst index 63d8f33..b666c1d 100644 --- a/umn/source/route_tables/managing_routes/adding_a_custom_route.rst +++ b/umn/source/route_tables/managing_routes/adding_a_custom_route.rst @@ -35,7 +35,7 @@ Procedure You can click **+** to add more routes. - .. figure:: /_static/images/en-us_image_0000001818823258.png + .. figure:: /_static/images/en-us_image_0000001865582793.png :alt: **Figure 1** Add Route **Figure 1** Add Route @@ -45,6 +45,12 @@ Procedure +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ | Parameter | Description | Example Value | +=======================+======================================================================================================================================================================+========================+ + | Destination Type | Mandatory | IP address | + | | | | + | | The destination can be: | | + | | | | + | | - IP address: single IP address or IP address range | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+ | Destination | Mandatory | IPv4: 192.168.0.0/16 | | | | | | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | diff --git a/umn/source/route_tables/managing_routes/modifying_a_route.rst b/umn/source/route_tables/managing_routes/modifying_a_route.rst index 2100ef8..a37e319 100644 --- a/umn/source/route_tables/managing_routes/modifying_a_route.rst +++ b/umn/source/route_tables/managing_routes/modifying_a_route.rst @@ -40,6 +40,12 @@ Procedure +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Item | Description | Example Value | +=======================+======================================================================================================================================================================+=======================+ + | Destination Type | Mandatory | IP address | + | | | | + | | The destination can be: | | + | | | | + | | - **IP address**: Select this option if you want to enter an IP address or IP address range. | | + +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ | Destination | Mandatory | Pv4: 192.168.0.0/16 | | | | | | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | diff --git a/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst index 1925871..aa30bf3 100644 --- a/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst +++ b/umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst @@ -27,6 +27,12 @@ Procedure #. Click the **IP Addresses** tab and click **Assign Virtual IP Address**. + + .. figure:: /_static/images/en-us_image_0000001866046474.png + :alt: **Figure 1** Assign a virtual IP address + + **Figure 1** Assign a virtual IP address + #. Select an IP address type. This parameter is available only in regions supporting IPv6. - IPv4 diff --git a/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst index f3a388e..8fd4e5b 100644 --- a/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst +++ b/umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst @@ -29,6 +29,12 @@ Procedure A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC. + + .. figure:: /_static/images/en-us_image_0000001865837676.png + :alt: **Figure 1** Create a VPC and subnet + + **Figure 1** Create a VPC and subnet + .. table:: **Table 1** VPC parameter descriptions +-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+ diff --git a/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst index 3227206..800362c 100644 --- a/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst @@ -65,17 +65,11 @@ Only the account owner of a VPC in a VPC peering connection can delete the route The page showing the VPC peering connection details is displayed. - e. Delete the route added to the route table of the local VPC: + e. In the route list, locate the route and click **Delete** in the **Operation** column. - #. Click the **Local Routes** tab and then click the **Route Tables** hyperlink. + A confirmation dialog box is displayed. - The **Summary** tab of the default route table for the local VPC is displayed. - - #. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column. - - A confirmation dialog box is displayed. - - #. Click **Yes**. + f. Confirm the information and click **OK**. #. Log in to the management console using the account of the peer VPC and delete the route of the peer VPC by referring to :ref:`1 `. diff --git a/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst index 70c7166..5d29f4d 100644 --- a/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst +++ b/umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst @@ -40,6 +40,12 @@ Viewing Routes of a VPC Peering Connection Between VPCs in the Same Account You can view the route destination, VPC, next hop, route table, and more. + + .. figure:: /_static/images/en-us_image_0000001865828728.png + :alt: **Figure 1** View routes of a VPC peering connection between VPCs in the same account + + **Figure 1** View routes of a VPC peering connection between VPCs in the same account + .. _vpc_peering_0004__section92403501475: Viewing Routes of a VPC Peering Connection Between VPCs in Different Accounts @@ -69,8 +75,20 @@ Only the account owner of a VPC in a VPC peering connection can view the routes You can view the route destination, VPC, next hop, route table, and more. + + .. figure:: /_static/images/en-us_image_0000001865833004.png + :alt: **Figure 2** View the local routes of a VPC peering connection between VPCs in different accounts + + **Figure 2** View the local routes of a VPC peering connection between VPCs in different accounts + #. Log in to the management console using the account of the peer VPC and view the route of the peer VPC by referring to :ref:`1 `. + + .. figure:: /_static/images/en-us_image_0000001865674836.png + :alt: **Figure 3** View the peer routes of a VPC peering connection between VPCs in different accounts + + **Figure 3** View the peer routes of a VPC peering connection between VPCs in different accounts + .. |image1| image:: /_static/images/en-us_image_0000001818982734.png .. |image2| image:: /_static/images/en-us_image_0000001865662765.png .. |image3| image:: /_static/images/en-us_image_0000001818982734.png diff --git a/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst b/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst index 8b2258d..e928051 100644 --- a/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst +++ b/umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst @@ -31,5 +31,11 @@ Procedure On the displayed page, view details about the VPC peering connection. + + .. figure:: /_static/images/en-us_image_0000001865884494.png + :alt: **Figure 1** View VPC peering connections + + **Figure 1** View VPC peering connections + .. |image1| image:: /_static/images/en-us_image_0000001818982734.png .. |image2| image:: /_static/images/en-us_image_0000001865663213.png