sgode/virtual-private-cloud
1
0
Fork 0
forked from docs/virtual-private-cloud
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2024-04-30 04:00:05 +00:00
parent c76420195d
commit a67520a9de
44 changed files with 457 additions and 452 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
umn/source/_static/images/en-us_image_0000001818823258.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 16 KiB

BIN
umn/source/_static/images/en-us_image_0000001818983038.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 19 KiB

BIN
umn/source/_static/images/en-us_image_0000001865582789.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
umn/source/_static/images/en-us_image_0000001865582793.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
umn/source/_static/images/en-us_image_0000001865662813.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.4 KiB

BIN
umn/source/_static/images/en-us_image_0000001865674836.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 79 KiB

BIN
umn/source/_static/images/en-us_image_0000001865684752.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
umn/source/_static/images/en-us_image_0000001865828728.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

BIN
umn/source/_static/images/en-us_image_0000001865833004.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

BIN
umn/source/_static/images/en-us_image_0000001865837676.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

BIN
umn/source/_static/images/en-us_image_0000001865884494.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 96 KiB

BIN
umn/source/_static/images/en-us_image_0000001865898552.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 143 KiB

BIN
umn/source/_static/images/en-us_image_0000001866046474.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
umn/source/_static/images/en-us_image_0000001866063864.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
umn/source/_static/images/en-us_image_0000001911771617.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
umn/source/_static/images/en-us_image_0000001911842313.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
umn/source/_static/images/en-us_image_0000001911849797.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 125 KiB

BIN
umn/source/_static/images/en-us_image_0000001911853289.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 32 KiB

6
umn/source/access_control/firewall/managing_firewalls/viewing_a_firewall.rst
View File

@ -27,5 +27,11 @@ Procedure
6. On the displayed page, click the **Inbound Rules**, **Outbound Rules**, and **Associated Subnets** tabs one by one to view details about inbound rules, outbound rules, and subnet associations.
.. figure:: /_static/images/en-us_image_0000001865684752.png
:alt: **Figure 1** Viewing a firewall
**Figure 1** Viewing a firewall
.. |image1| image:: /_static/images/en-us_image_0000001818982734.png
.. |image2| image:: /_static/images/en-us_image_0000001865662773.png

6
umn/source/access_control/security_group/managing_instances_associated_with_a_security_group/viewing_the_security_group_of_an_ecs.rst
View File

@ -29,5 +29,11 @@ Procedure
You can view the security groups associated with the ECS and the inbound and outbound rules.
.. figure:: /_static/images/en-us_image_0000001911842313.png
:alt: **Figure 1** View the security group of an ECS
**Figure 1** View the security group of an ECS
.. |image1| image:: /_static/images/en-us_image_0000001818982734.png
.. |image2| image:: /_static/images/en-us_image_0000001818982866.png

36
umn/source/access_control/security_group/managing_security_group_rules/adding_a_security_group_rule.rst
View File

@ -71,21 +71,21 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
+=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -93,14 +93,14 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.
@ -122,21 +122,21 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
+=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -144,12 +144,12 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The destination is from another security group. You can select a security group in the same region under the current account from the drop-down list. For example, instance A is in security group A and instance B is in security group B. If security group A has an outbound rule with **Action** set to **Allow** and **Destination** set to security group B, access from instance A is allowed to instance B. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.

30
umn/source/access_control/security_group/managing_security_group_rules/fast-adding_security_group_rules.rst
View File

@ -43,34 +43,33 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+====================================================================================================================================================================================================+=======================+
+=======================+==============================================================================================================================================================================+=======================+
| Protocols and Ports | Common protocols and ports are provided for: | SSH (22) |
| | | |
| | - Remote login and ping | |
| | - Web services | |
| | - Databases | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
| | | |
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
| | - xxx.xxx.xxx.0/24 (IPv4 address range) | |
| | - 0.0.0.0/0 (all IPv4 addresses) | |
| | - sg-abc (security group) | |
| | - IP address group: ipGroup-test | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | (Optional) Supplementary information about the security group rule. | ``-`` |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
8. Click **OK**.
@ -90,32 +89,31 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+=======================================================================================================================================================================================================+=======================+
+=======================+=================================================================================================================================================================================+=======================+
| Protocols and Ports | Common protocols and ports are provided for: | SSH (22) |
| | | |
| | - Remote login and ping | |
| | - Web services | |
| | - Databases | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
| | | |
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
| | - xxx.xxx.xxx.0/24 (IPv4 address range) | |
| | - 0.0.0.0/0 (all IPv4 addresses) | |
| | - sg-abc (security group) | |
| | - IP address group: ipGroup-test | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | (Optional) Supplementary information about the security group rule. | ``-`` |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
11. Click **OK**.

25
umn/source/access_control/security_group/managing_security_group_rules/importing_and_exporting_security_group_rules.rst
View File

@ -53,26 +53,26 @@ Procedure
.. table:: **Table 1** Template parameters
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Parameter | Description | Example Value |
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+====================================+
+=======================+===============================================================================================================================================================================================================================================================================================================================================================+====================================+
| Direction | The direction in which the security group rule takes effect. | Inbound |
| | | |
| | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | |
| | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | sg-test[96a8a93f-XXX-d7872990c314] |
| | | |
| | - IP address: | |
| | | |
@ -80,15 +80,14 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | sg-test[96a8a93f-XXX-d7872990c314] |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Description | (Optional) Supplementary information about the security group rule. | ``-`` |
| | | |
| | The route description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
.. |image1| image:: /_static/images/en-us_image_0000001818982734.png
.. |image2| image:: /_static/images/en-us_image_0000001865582585.png

43
umn/source/access_control/security_group/security_groups_and_security_group_rules.rst
View File

@ -26,7 +26,7 @@ Security Group Basics
.. important::
After a persistent connection is disconnected, new connections will not be established immediately until the timeout period of connection tracking expires. For example, after an ICMP persistent connection is disconnected, a new connection will be established and a new rule will apply when the timeout period (30s) expires.
After a persistent connection is disconnected, new connections will not be established immediately until the timeout period of connection tracking expires. For example, after an ICMP persistent connection is disconnected, a new connection will be established and a new rule will be applied when the timeout period (30s) expires.
- The timeout period of connection tracking varies by protocol. The timeout period of a TCP connection in the established state is 600s, and that of an ICMP connection is 30s. For other protocols, if packets are received in both inbound and outbound directions, the connection tracking timeout period is 180s. If packets are received only in one direction, the connection tracking timeout period is 30s.
- The timeout period of TCP connections varies by connection status. The timeout period of a TCP connection in the established state is 600s, and that of a TCP connection in the FIN-WAIT state is 30s.
@ -40,16 +40,16 @@ A security group has inbound and outbound rules to control traffic that's allowe
.. table:: **Table 1** Security group rule information
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Description |
+===================================+=====================================================================================================================================================================================================================================+
+===================================+========================================================================================================================================================================================================================+
| Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. |
| | |
| | - Inbound rules control incoming traffic over specific ports to instances in the security group. |
| | - Outbound rules control outgoing traffic over specific ports from instances in the security group. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: |
| | |
| | - IP address: |
@ -62,9 +62,7 @@ A security group has inbound and outbound rules to control traffic that's allowe
| | - Security group: You can select another security group in the same region under the current account as the source. |
| | |
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. |
| | |
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the source to help you manage them in a more simple way. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: |
| | |
| | - IP address: |
@ -77,9 +75,7 @@ A security group has inbound and outbound rules to control traffic that's allowe
| | - Security group: You can select another security group in the same region under the current account as the destination. |
| | |
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. |
| | |
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the destination to help you manage them in a more simple way. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Like whitelists, security group rules work as follows:
@ -130,6 +126,31 @@ Like whitelists, security group rules work as follows:
You can use :ref:`VPC peering connections <en-us_topic_0046655036>` to connect VPCs in different regions.
Security Group Configuration Process
------------------------------------
.. figure:: /_static/images/en-us_image_0000001865662813.png
:alt: **Figure 1** Security group configuration process
**Figure 1** Security group configuration process
.. table:: **Table 3** Security group configuration process description
+-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+
| No. | Step | Description | Reference |
+=================+======================================+======================================================================================================================================================================================================================================================================+=================================================================================================+
| 1 | Create a security group. | When creating a security group, you can select a template, such **General-purpose web server** or **All ports open**. A template contains preset security group rules. For details, see :ref:`Security group templates <en-us_topic_0013748715__table117828131111>`. | :ref:`Creating a Security Group <en-us_topic_0013748715>` |
+-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+
| 2 | Configure security group rules. | After a security group is created, if its rules cannot meet your service requirements, you can add new rules to the security group or modify original rules. | :ref:`Adding a Security Group Rule <en-us_topic_0030969470>` |
| | | | |
| | | | :ref:`Fast-Adding Security Group Rules <securitygroup_0004>` |
+-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+
| 3 | Add instances to the security group. | When you create an instance, the system automatically adds the instance to a security group for protection. | :ref:`Adding an Instance to or Removing an Instance from a Security Group <securitygroup_0017>` |
| | | | |
| | | If one security group cannot meet your requirements, you can add an instance to multiple security groups. | |
+-----------------+--------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+
Security Group Constraints
--------------------------

12
umn/source/change_history.rst
View File

@ -8,6 +8,18 @@ Change History
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Released On | Description |
+===================================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| 2024-04-25 | This release incorporates the following changes: |
| | |
| | - Modified the procedure for deleting routes for a VPC peering connection between VPCs in different accounts in :ref:`Deleting Routes Configured for a VPC Peering Connection <vpc_peering_0006>`. |
| | - Modified the figure for creating a route table in :ref:`Creating a Custom Route Table <vpc_route01_0005>`. |
| | - Modified the figure for adding a custom route in :ref:`Adding a Custom Route <vpc_route01_0006>`. |
| | - Added descriptions about **Destination Type** in :ref:`Adding a Custom Route <vpc_route01_0006>` and :ref:`Modifying a Route <vpc_route01_0011>`. |
| | - Added descriptions about security group templates in the table "Security group configuration process description" in :ref:`Security Groups and Security Group Rules <en-us_topic_0073379079>`. |
| | - Modified descriptions about the security groups in the parameter descriptions in :ref:`Adding a Security Group Rule <en-us_topic_0030969470>` and :ref:`Importing and Exporting Security Group Rules <vpc_securitygroup_0007>`. |
| | - Added step links in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access <vpc_qs_0003>` and :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs <en-us_topic_0017816228>`. |
| | - Added figures for creating and viewing resources. |
| | - Deleted the content related to the IP address groups. |
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2024-04-22 | This release incorporates the following changes: |
| | |
| | - Added description about security group templates and related operations in :ref:`Creating a Security Group <en-us_topic_0013748715>`. |

2
umn/source/elastic_ip/assigning_an_eip_and_binding_it_to_an_ecs.rst
View File

@ -131,7 +131,7 @@ After an ECS with an EIP bound is created, the system generates a domain name in
You can use any of the following commands to obtain the domain name of an EIP:
- ping -a *EIP*
- ping -an *EIP*
- nslookup [-qt=ptr] *EIP*
- dig -x *EIP*

140
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst
View File

File diff suppressed because it is too large Load Diff

6
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_1_create_a_vpc.rst
View File

@ -29,6 +29,12 @@ Procedure
A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC.
.. figure:: /_static/images/en-us_image_0000001865837676.png
:alt: **Figure 1** Create a VPC and subnet
**Figure 1** Create a VPC and subnet
.. table:: **Table 1** VPC parameter descriptions
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

2
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_3_assign_an_eip_and_bind_it_to_an_ecs.rst
View File

@ -131,7 +131,7 @@ After an ECS with an EIP bound is created, the system generates a domain name in
You can use any of the following commands to obtain the domain name of an EIP:
- ping -a *EIP*
- ping -an *EIP*
- nslookup [-qt=ptr] *EIP*
- dig -x *EIP*

36
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst
View File

@ -65,21 +65,21 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
+=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -87,14 +87,14 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.
@ -116,21 +116,21 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
+=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -138,12 +138,12 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The destination is from another security group. You can select a security group in the same region under the current account from the drop-down list. For example, instance A is in security group A and instance B is in security group B. If security group A has an outbound rule with **Action** set to **Allow** and **Destination** set to security group B, access from instance A is allowed to instance B. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.

6
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst
View File

@ -11,6 +11,12 @@ Configuring a VPC for ECSs That Do Not Require Internet Access
- :ref:`Step 3: Create a Security Group <vpc_qs_0007>`
- :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`
- :ref:`Overview <vpc_qs_0004>`
- :ref:`Step 1: Create a VPC <vpc_qs_0005>`
- :ref:`Step 2: Create a Subnet for the VPC <vpc_qs_0006>`
- :ref:`Step 3: Create a Security Group <vpc_qs_0007>`
- :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`
.. toctree::
:maxdepth: 1
:hidden:

6
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_1_create_a_vpc.rst
View File

@ -29,6 +29,12 @@ Procedure
A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC.
.. figure:: /_static/images/en-us_image_0000001865837676.png
:alt: **Figure 1** Create a VPC and subnet
**Figure 1** Create a VPC and subnet
.. table:: **Table 1** VPC parameter descriptions
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

36
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst
View File

@ -65,21 +65,21 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
+=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -87,14 +87,14 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.
@ -116,21 +116,21 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+============================================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
+=======================+===============================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -138,12 +138,12 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The destination is from another security group. You can select a security group in the same region under the current account from the drop-down list. For example, instance A is in security group A and instance B is in security group B. If security group A has an outbound rule with **Action** set to **Allow** and **Destination** set to security group B, access from instance A is allowed to instance B. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - **Security group**: The source is from another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A. | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.

6
umn/source/monitoring/creating_an_alarm_rule.rst
View File

@ -23,6 +23,12 @@ Procedure
5. On the **Alarm Rules** page, click **Create Alarm Rule** and set required parameters, or modify an existing alarm rule.
.. figure:: /_static/images/en-us_image_0000001865898552.png
:alt: **Figure 1** Create an alarm rule
**Figure 1** Create an alarm rule
6. After the parameters are set, click **Create**.
After the alarm rule is created, the system automatically notifies you if an alarm is triggered for the VPC service.

2
umn/source/route_tables/managing_route_tables/creating_a_custom_route_table.rst
View File

@ -31,7 +31,7 @@ Procedure
5. In the upper right corner, click **Create Route Table**. On the displayed page, configure parameters as prompted.
.. figure:: /_static/images/en-us_image_0000001818983038.png
.. figure:: /_static/images/en-us_image_0000001865582789.png
:alt: **Figure 1** Create Route Table
**Figure 1** Create Route Table

13
umn/source/route_tables/managing_route_tables/viewing_route_table_information.rst
View File

@ -32,7 +32,20 @@ Procedure
The route table details page is displayed.
a. On the **Summary** tab page, view the basic information and routes of the route table.
.. figure:: /_static/images/en-us_image_0000001866063864.png
:alt: **Figure 1** View the basic information and routes of the route table
**Figure 1** View the basic information and routes of the route table
b. On the **Associated Subnets** tab page, view the subnets associated with the route table.
.. figure:: /_static/images/en-us_image_0000001911853289.png
:alt: **Figure 2** View the subnets associated with the route table
**Figure 2** View the subnets associated with the route table
.. |image1| image:: /_static/images/en-us_image_0000001818982734.png
.. |image2| image:: /_static/images/en-us_image_0000001865582825.png

12
umn/source/route_tables/managing_route_tables/viewing_the_route_table_associated_with_a_subnet.rst
View File

@ -31,9 +31,21 @@ Procedure
6. In the right of the subnet details page, view the route table associated with the subnet.
.. figure:: /_static/images/en-us_image_0000001911849797.png
:alt: **Figure 1** View the route table associated with a subnet
**Figure 1** View the route table associated with a subnet
7. Click the name of the route table.
The route table details page is displayed. You can further view the route information.
.. figure:: /_static/images/en-us_image_0000001911771617.png
:alt: **Figure 2** View the basic information and routes of the route table
**Figure 2** View the basic information and routes of the route table
.. |image1| image:: /_static/images/en-us_image_0000001818982734.png
.. |image2| image:: /_static/images/en-us_image_0000001865582701.png

8
umn/source/route_tables/managing_routes/adding_a_custom_route.rst
View File

@ -35,7 +35,7 @@ Procedure
You can click **+** to add more routes.
.. figure:: /_static/images/en-us_image_0000001818823258.png
.. figure:: /_static/images/en-us_image_0000001865582793.png
:alt: **Figure 1** Add Route
**Figure 1** Add Route
@ -45,6 +45,12 @@ Procedure
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+
| Parameter | Description | Example Value |
+=======================+======================================================================================================================================================================+========================+
| Destination Type | Mandatory | IP address |
| | | |
| | The destination can be: | |
| | | |
| | - IP address: single IP address or IP address range | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+
| Destination | Mandatory | IPv4: 192.168.0.0/16 |
| | | |
| | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | |

6
umn/source/route_tables/managing_routes/modifying_a_route.rst
View File

@ -40,6 +40,12 @@ Procedure
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Item | Description | Example Value |
+=======================+======================================================================================================================================================================+=======================+
| Destination Type | Mandatory | IP address |
| | | |
| | The destination can be: | |
| | | |
| | - **IP address**: Select this option if you want to enter an IP address or IP address range. | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Mandatory | Pv4: 192.168.0.0/16 |
| | | |
| | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | |

6
umn/source/virtual_ip_address/assigning_a_virtual_ip_address.rst
View File

@ -27,6 +27,12 @@ Procedure
#. Click the **IP Addresses** tab and click **Assign Virtual IP Address**.
.. figure:: /_static/images/en-us_image_0000001866046474.png
:alt: **Figure 1** Assign a virtual IP address
**Figure 1** Assign a virtual IP address
#. Select an IP address type. This parameter is available only in regions supporting IPv6.
- IPv4

6
umn/source/vpc_and_subnet/vpc/creating_a_vpc.rst
View File

@ -29,6 +29,12 @@ Procedure
A default subnet will be created together with a VPC and you can also click **Add Subnet** to create more subnets for the VPC.
.. figure:: /_static/images/en-us_image_0000001865837676.png
:alt: **Figure 1** Create a VPC and subnet
**Figure 1** Create a VPC and subnet
.. table:: **Table 1** VPC parameter descriptions
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+

10
umn/source/vpc_peering_connection/deleting_routes_configured_for_a_vpc_peering_connection.rst
View File

@ -65,17 +65,11 @@ Only the account owner of a VPC in a VPC peering connection can delete the route
The page showing the VPC peering connection details is displayed.
e. Delete the route added to the route table of the local VPC:
#. Click the **Local Routes** tab and then click the **Route Tables** hyperlink.
The **Summary** tab of the default route table for the local VPC is displayed.
#. Locate the row that contains the route to be deleted and click **Delete** in the **Operation** column.
e. In the route list, locate the route and click **Delete** in the **Operation** column.
A confirmation dialog box is displayed.
#. Click **Yes**.
f. Confirm the information and click **OK**.
#. Log in to the management console using the account of the peer VPC and delete the route of the peer VPC by referring to :ref:`1 <vpc_peering_0006__li4105938135810>`.

18
umn/source/vpc_peering_connection/viewing_routes_configured_for_a_vpc_peering_connection.rst
View File

@ -40,6 +40,12 @@ Viewing Routes of a VPC Peering Connection Between VPCs in the Same Account
You can view the route destination, VPC, next hop, route table, and more.
.. figure:: /_static/images/en-us_image_0000001865828728.png
:alt: **Figure 1** View routes of a VPC peering connection between VPCs in the same account
**Figure 1** View routes of a VPC peering connection between VPCs in the same account
.. _vpc_peering_0004__section92403501475:
Viewing Routes of a VPC Peering Connection Between VPCs in Different Accounts
@ -69,8 +75,20 @@ Only the account owner of a VPC in a VPC peering connection can view the routes
You can view the route destination, VPC, next hop, route table, and more.
.. figure:: /_static/images/en-us_image_0000001865833004.png
:alt: **Figure 2** View the local routes of a VPC peering connection between VPCs in different accounts
**Figure 2** View the local routes of a VPC peering connection between VPCs in different accounts
#. Log in to the management console using the account of the peer VPC and view the route of the peer VPC by referring to :ref:`1 <vpc_peering_0004__li4105938135810>`.
.. figure:: /_static/images/en-us_image_0000001865674836.png
:alt: **Figure 3** View the peer routes of a VPC peering connection between VPCs in different accounts
**Figure 3** View the peer routes of a VPC peering connection between VPCs in different accounts
.. |image1| image:: /_static/images/en-us_image_0000001818982734.png
.. |image2| image:: /_static/images/en-us_image_0000001865662765.png
.. |image3| image:: /_static/images/en-us_image_0000001818982734.png

6
umn/source/vpc_peering_connection/viewing_vpc_peering_connections.rst
View File

@ -31,5 +31,11 @@ Procedure
On the displayed page, view details about the VPC peering connection.
.. figure:: /_static/images/en-us_image_0000001865884494.png
:alt: **Figure 1** View VPC peering connections
**Figure 1** View VPC peering connections
.. |image1| image:: /_static/images/en-us_image_0000001818982734.png
.. |image2| image:: /_static/images/en-us_image_0000001865663213.png