forked from docs/virtual-private-cloud
Update content
parent a67520a9de
commit bb9de6c778
@ -13,10 +13,7 @@ If your security group rule is no longer required, you can delete it.
Notes and Constraints
---------------------
Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Security group rules work as follows:
- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
Security group rules use whitelists. Deleting a security group rule may result in ECS access failures.
Procedure
---------
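Review bot: dropping the two bullets that explained how inbound and outbound rules are evaluated leaves the surviving warning ("Deleting a security group rule may result in ECS access failures") without the reason it is true. Because the rules are allow-lists, a request that matches no remaining Allow rule is denied, so deleting the only rule that permits a port silently cuts that port off; keep at least one sentence to that effect, for example "If no remaining inbound rule matches a request, the request is denied." The removed outbound bullet was also incomplete (it only described the 0.0.0.0/0 destination case), so rewording rather than deleting it would serve the reader better.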
@ -8,6 +8,10 @@ Change History
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Released On | Description |
+===================================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| 2024-05-06 | This release incorporates the following changes: |
| | |
| | Removed step links in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access <vpc_qs_0003>` and :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs <en-us_topic_0017816228>`. |
+-----------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2024-04-25 | This release incorporates the following changes: |
| | |
| | - Modified the procedure for deleting routes for a VPC peering connection between VPCs in different accounts in :ref:`Deleting Routes Configured for a VPC Peering Connection <vpc_peering_0006>`. |
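Review bot: the 2024-05-06 entry lists only the removed step links, but the same commit adds a Security Group Templates section with a new Table 1 to the Create a Security Group page (which is why the parameter table there is renumbered to Table 2) and fixes the "Pv4" typo in the route table; a reader of the change history should see the templates addition listed too. Also match the bullet style of the 2024-04-25 entry, i.e. "- Removed step links in ...".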
@ -12,13 +12,6 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
- :ref:`Step 4: Create a Security Group <vpc_qs_0012>`
- :ref:`Step 5: Add a Security Group Rule <vpc_qs_0013>`
- :ref:`Overview <vpc_qs_0022>`
- :ref:`Step 1: Create a VPC <vpc_qs_0009>`
- :ref:`Step 2: Create a Subnet for the VPC <vpc_qs_0010>`
- :ref:`Step 3: Assign an EIP and Bind It to an ECS <vpc_qs_0011>`
- :ref:`Step 4: Create a Security Group <vpc_qs_0012>`
- :ref:`Step 5: Add a Security Group Rule <vpc_qs_0013>`
.. toctree::
:maxdepth: 1
:hidden:
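Review bot: the removed lines are the Overview and Step 1 to Step 5 links, while the Step 4 and Step 5 links kept as context above them resolve to the same targets (vpc_qs_0012, vpc_qs_0013), so this was a duplicated list and dropping one copy is right. After the removal the only link to the Overview page (vpc_qs_0022) visible in this hunk is gone and the toctree below is :hidden:, so confirm that the list that continues above line 12 still carries the Overview entry; otherwise that page is reachable only from the sidebar navigation.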
@ -14,6 +14,61 @@ If your instances have different Internet access requirements, you can allocate
Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group.
Security Group Templates
------------------------
The system provides several security group templates for you to create a security group. A security group template has preconfigured inbound and outbound rules. You can select a template based on your service requirements. :ref:`Table 1 <vpc_qs_0012__en-us_topic_0013748715_table117828131111>` describes the security group templates.
.. _vpc_qs_0012__en-us_topic_0013748715_table117828131111:
.. table:: **Table 1** Security group templates
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Template | Direction | Protocol/Port/Type | Source/Destination | Description | Application Scenario |
+============================+===========+==========================+====================+===================================================================================================================================+============================================================================================================================================================================================================================+
| General-purpose web server | Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. | - Remotely log in to ECSs. |
| | | | | | - Use the ping command to test ECS connectivity. |
| | | | | | - ECSs functioning as web servers provide website access services. |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | |
| | | | | | |
| | | All (IPv6) | | | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | |
| | | | | | |
| | | All (IPv6) | | | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| All ports open | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | Opening all ECS ports in a security group poses security risks. |
| | | | | | |
| | | All (IPv6) | | | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | | All (IPv4) | 0.0.0.0/0 | Allows all IP addresses to access ECSs in the security group over any port. | |
| | | | | | |
| | | All (IPv6) | | | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | |
| | | | | | |
| | | All (IPv6) | | | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Fast-add rule | Inbound | All (IPv4) | sg-xxx | Allows ECSs in the security group to communicate with each other. | You can select protocols and ports that the inbound rule will apply to. |
| | | | | | |
| | | All (IPv6) | | | If you do not select any protocols and ports, no protocols and ports will be opened. After the security group is created, add required rules by referring to :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`. |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | | Custom port and protocol | 0.0.0.0/0 | Allows all IP addresses to access ECSs in a security group over specified ports (TCP or ICMP) for different purposes. | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. | |
| | | | | | |
| | | All (IPv6) | ::/0 | | |
+----------------------------+-----------+--------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Procedure
---------
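Review bot: the General-purpose web server template opens TCP 22 (SSH) and TCP 3389 (RDP) to 0.0.0.0/0 with no caveat, while the All ports open template carries "poses security risks"; management ports exposed to the whole IPv4 Internet deserve the same warning plus a sentence telling the reader to narrow the source to the administrator's address range after creation (the rule-editing page is already linked from the Fast-add rule row, so it can be reused here). Two smaller consistency points in the table: the All (IPv6) rows under General-purpose web server and All ports open leave Source/Destination blank, whereas the Fast-add rule outbound row spells out ::/0, so either put ::/0 in every IPv6 row that pairs with 0.0.0.0/0 or say that the blank cell means the value above applies; and the ICMP row says "over any port", but ICMP has no ports, so "for all ICMP types" would be accurate.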
@ -41,7 +96,7 @@ Procedure
**Figure 1** Create Security Group
.. table:: **Table 1** Parameter description
.. table:: **Table 2** Parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------+
| Parameter | Description | Example Value |
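Review bot: renumbering the parameter table to Table 2 is needed now that the templates table takes Table 1, but the change only touches the caption; any sentence in the procedure that refers to it by number ("see Table 1") would now point at the templates table, so search this page for remaining "Table 1" references outside the new Security Group Templates section and update them in the same commit.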
@ -11,12 +11,6 @@ Configuring a VPC for ECSs That Do Not Require Internet Access
- :ref:`Step 3: Create a Security Group <vpc_qs_0007>`
- :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`
- :ref:`Overview <vpc_qs_0004>`
- :ref:`Step 1: Create a VPC <vpc_qs_0005>`
- :ref:`Step 2: Create a Subnet for the VPC <vpc_qs_0006>`
- :ref:`Step 3: Create a Security Group <vpc_qs_0007>`
- :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`
.. toctree::
:maxdepth: 1
:hidden:
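Review bot: as on the EIP page, the removed Overview and Step 1 to Step 4 links duplicate the Step 3 and Step 4 links kept as context (both resolve to vpc_qs_0007 and vpc_qs_0008), so the deletion is fine; make sure the first list, which starts above line 11 and is not shown in the hunk, still has the Overview <vpc_qs_0004>, Step 1 and Step 2 entries so the page keeps a complete in-body step list next to the hidden toctree.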
@ -46,7 +46,7 @@ Procedure
| | | |
| | - **IP address**: Select this option if you want to enter an IP address or IP address range. | |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Mandatory | Pv4: 192.168.0.0/16 |
| Destination | Mandatory | IPv4: 192.168.0.0/16 |
| | | |
| | Enter the destination of the route. You can enter a single IP address or an IP address range in CIDR notation. | |
| | | |