diff --git a/umn/source/access_control/security_group/managing_security_group_rules/deleting_a_security_group_rule.rst b/umn/source/access_control/security_group/managing_security_group_rules/deleting_a_security_group_rule.rst index 82e7710..7da34a1 100644 --- a/umn/source/access_control/security_group/managing_security_group_rules/deleting_a_security_group_rule.rst +++ b/umn/source/access_control/security_group/managing_security_group_rules/deleting_a_security_group_rule.rst @@ -13,10 +13,7 @@ If your security group rule is no longer required, you can delete it. Notes and Constraints --------------------- -Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Security group rules work as follows: - -- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed. -- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed. +Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Procedure --------- diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst index 683dc21..76eea13 100644 --- a/umn/source/change_history.rst +++ b/umn/source/change_history.rst 
@@ -8,6 +8,10 @@ Change History +-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Released On | Description | +===================================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ +| 2024-05-06 | This release incorporates the following changes: | +| | | +| | Removed step links in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access ` and :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs `. 
| ++-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 2024-04-25 | This release incorporates the following changes: | | | | | | - Modified the procedure for deleting routes for a VPC peering connection between VPCs in different accounts in :ref:`Deleting Routes Configured for a VPC Peering Connection `. | diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst index 7427416..1d37017 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/index.rst @@ -12,13 +12,6 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs - :ref:`Step 4: Create a Security Group ` - :ref:`Step 5: Add a Security Group Rule ` -- :ref:`Overview ` -- :ref:`Step 1: Create a VPC ` -- :ref:`Step 2: Create a Subnet for the VPC ` -- :ref:`Step 3: Assign an EIP and Bind It to an ECS ` -- :ref:`Step 4: Create a Security Group ` -- :ref:`Step 5: Add a Security Group Rule ` - .. toctree:: :maxdepth: 1 :hidden: 
diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst index d7a7b19..290395e 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst +++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_4_create_a_security_group.rst 
@@ -14,6 +14,61 @@ If your instances have different Internet access requirements, you can allocate Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group. +Security Group Templates +------------------------ + +The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. :ref:`Table 1 ` describes the security group templates. + +.. _vpc_qs_0012__en-us_topic_0013748715_table117828131111: + +.. table:: **Table 1** Security group templates + + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Template | Direction | Protocol/Port/Type | Source/Destination | Description | Application Scenario | + +============================+===========+==========================+====================+===================================================================================================================================+============================================================================================================================================================================================================================+ + | General-purpose web server | Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. | - Remotely log in to ECSs. | + | | | | | | - Use the ping command to test ECS connectivity. 
| + | | | | | | - ECSs functioning as web servers provide website access services. | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. 
| | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. 
| | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | All ports open | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | Opening all ECS ports in a security group poses security risks. | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | All (IPv4) | 0.0.0.0/0 | Allows all IP addresses to access ECSs in the security group over any port. | | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. 
| | + | | | | | | | + | | | All (IPv6) | | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | Fast-add rule | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | You can select protocols and ports that the inbound rule will apply to. | + | | | | | | | + | | | All (IPv6) | | | If you do not select any protocols and ports, no protocols and ports will be opened. After the security group is created, add required rules by referring to :ref:`Adding a Security Group Rule `. | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | | Custom port and protocol | 0.0.0.0/0 | Allows all IP addresses to access ECSs in a security group over specified ports (TCP or ICMP) for different purposes. 
| | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + | | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | | + | | | | | | | + | | | All (IPv6) | ::/0 | | | + +----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + Procedure --------- @@ -41,7 +96,7 @@ Procedure **Figure 1** Create Security Group - .. table:: **Table 1** Parameter description + .. table:: **Table 2** Parameter description +-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+ | Parameter | Description | Example Value | diff --git a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst index 8e660e4..8f4a5b5 100644 --- a/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst 
+++ b/umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/index.rst @@ -11,12 +11,6 @@ Configuring a VPC for ECSs That Do Not Require Internet Access - :ref:`Step 3: Create a Security Group ` - :ref:`Step 4: Add a Security Group Rule ` -- :ref:`Overview ` -- :ref:`Step 1: Create a VPC ` -- :ref:`Step 2: Create a Subnet for the VPC ` -- :ref:`Step 3: Create a Security Group ` -- :ref:`Step 4: Add a Security Group Rule ` - .. toctree:: :maxdepth: 1 :hidden: diff --git a/umn/source/route_tables/managing_routes/modifying_a_route.rst b/umn/source/route_tables/managing_routes/modifying_a_route.rst index a37e319..c0b34f1 100644 --- a/umn/source/route_tables/managing_routes/modifying_a_route.rst +++ b/umn/source/route_tables/managing_routes/modifying_a_route.rst @@ -46,7 +46,7 @@ Procedure | | | | | | - **IP address**: Select this option if you want to enter an IP address or IP address range. | | +-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+ - | Destination | Mandatory | Pv4: 192.168.0.0/16 | + | Destination | Mandatory | IPv4: 192.168.0.0/16 | | | | | | | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | | | | | |
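
Review bot: in deleting_a_security_group_rule.rst, the Notes and Constraints hunk leaves "Deleting a security group rule may result in ECS access failures" without saying why, because the two removed bullets were what explained that a request is allowed when it matches a rule with Action set to Allow. Keep one sentence on how rules are matched, or a :ref: to the page that covers it, so a reader about to delete a rule can tell which traffic will stop being permitted. As a style point, consider "allowlist" in place of "whitelists" if the rest of the guide permits it.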
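
Review bot: in change_history.rst, the 2024-05-06 entry records only "Removed step links", yet the same patch adds the Security Group Templates section and Table 1 to step_4_create_a_security_group.rst and trims Notes and Constraints in deleting_a_security_group_rule.rst, and neither is listed. Add entries for those changes, and write the existing one as a list item ("- Removed ...") to match the 2024-04-25 row. The two index.rst hunks delete a second copy of the step list while the first copy stays as context, so "Removed duplicate step links" would describe the change more accurately.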
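
Review bot: in the Table 1 hunk of step_4_create_a_security_group.rst, the General-purpose web server rows open TCP 22 and TCP 3389 to 0.0.0.0/0 with no caveat, while only the "All ports open" row says that it "poses security risks". Add a note to the General-purpose web server rows advising readers to narrow the source of the SSH and RDP rules to known addresses after the group is created. The Source/Destination column is also inconsistent for IPv6: the Fast-add rule outbound row lists ::/0, but the outbound "All (IPv6)" rows of the other two templates and the inbound 0.0.0.0/0 row of "All ports open" leave it blank. The ICMP row describes access "over any port", which does not apply to ICMP; wording such as "any ICMP type" would match the Protocol/Port/Type column.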