forked from docs/virtual-private-cloud
Compare commits
3 Commits
main
...
propose-vp
| Author | SHA1 | Date | |
|---|---|---|---|
| 1035a9f1b7 | |||
| c63034e042 | |||
| 0d97d05836 |
BIN
umn/source/_static/images/en-us_image_0000001646961692.png
Normal file
BIN
umn/source/_static/images/en-us_image_0000001646961692.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 128 B |
BIN
umn/source/_static/images/en-us_image_0000001796404809.png
Normal file
BIN
umn/source/_static/images/en-us_image_0000001796404809.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 23 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 10 KiB |
@ -43,49 +43,49 @@ Procedure
|
|||||||
|
|
||||||
.. table:: **Table 1** Parameter descriptions
|
.. table:: **Table 1** Parameter descriptions
|
||||||
|
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+========================+========================================================================================================================================================================================+=======================+
|
+========================+=================================================================================================================================================================================================================================================================================================================================+=======================+
|
||||||
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
| | - IP address: | |
|
| | - IP address: | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Single IP address: 192.168.10.10/32 | |
|
| | - Single IP address: 192.168.10.10/32 | |
|
||||||
| | - All IP addresses: 0.0.0.0/0 | |
|
| | - All IP addresses: 0.0.0.0/0 | |
|
||||||
| | - IP address range: 192.168.1.0/24 | |
|
| | - IP address range: 192.168.1.0/24 | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Security group: sg-A | |
|
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||||
| | | |
|
| | | |
|
||||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
| | - IP address: | |
|
| | - IP address: | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Single IP address: 192.168.10.10/32 | |
|
| | - Single IP address: 192.168.10.10/32 | |
|
||||||
| | - All IP addresses: 0.0.0.0/0 | |
|
| | - All IP addresses: 0.0.0.0/0 | |
|
||||||
| | - IP address range: 192.168.1.0/24 | |
|
| | - IP address range: 192.168.1.0/24 | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Security group: sg-A | |
|
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||||
| | | |
|
| | | |
|
||||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
||||||
| | | |
|
| | | |
|
||||||
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
|
||||||
7. Click **OK**.
|
7. Click **OK**.
|
||||||
|
|
||||||
|
|||||||
@ -8,12 +8,13 @@ Associating Subnets with a Firewall
|
|||||||
Scenarios
|
Scenarios
|
||||||
---------
|
---------
|
||||||
|
|
||||||
You can associate a firewall with a subnet to protect resources in the subnet. After a firewall is associated with a subnet, the firewall denies all traffic to and from the subnet until you add rules to allow traffic.
|
You can associate a firewall with a subnet to protect resources in the subnet.
|
||||||
|
|
||||||
Notes and Constraints
|
Notes and Constraints
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time.
|
- You can associate a firewall with multiple subnets. However, a subnet can only be associated with one firewall at a time.
|
||||||
|
- After a firewall is associated with a subnet, the default firewall rules deny all traffic to and from the subnet until you add custom rules to allow traffic. For details, see :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
@ -32,13 +33,13 @@ Procedure
|
|||||||
|
|
||||||
6. On the displayed page, click the **Associated Subnets** tab.
|
6. On the displayed page, click the **Associated Subnets** tab.
|
||||||
|
|
||||||
7. On the **Associated Subnets** page, click **Associate**.
|
7. On the **Associated Subnets** tab, click **Associate**.
|
||||||
|
|
||||||
8. On the displayed page, select the subnets to be associated with the firewall, and click **OK**.
|
8. On the displayed page, select the subnets to be associated with the firewall, and click **OK**.
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
Subnets with firewalls associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
|
A subnet with a firewall associated will not be displayed on the page for you to select. If you want to associate such a subnet with another firewall, you must first disassociate the subnet from the original firewall. One-click subnet association and disassociation are not supported currently. A subnet can only be associated with one firewall.
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001626734158.png
|
.. |image2| image:: /_static/images/en-us_image_0000001626734158.png
|
||||||
|
|||||||
@ -2,13 +2,13 @@
|
|||||||
|
|
||||||
.. _vpc_acl_0003:
|
.. _vpc_acl_0003:
|
||||||
|
|
||||||
Disassociating a Subnet from a Firewall
|
Disassociating Subnets from a Firewall
|
||||||
=======================================
|
======================================
|
||||||
|
|
||||||
Scenarios
|
Scenarios
|
||||||
---------
|
---------
|
||||||
|
|
||||||
Disassociate a subnet from a firewall when necessary.
|
You can disassociate a subnet from its firewall based on your network requirements.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
@ -33,7 +33,7 @@ Procedure
|
|||||||
|
|
||||||
**Disassociating subnets from a firewall**
|
**Disassociating subnets from a firewall**
|
||||||
|
|
||||||
Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from a firewall at a time.
|
Select multiple subnets and click **Disassociate** above the subnet list to disassociate the subnets from the firewall at a time.
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001675413845.png
|
.. |image2| image:: /_static/images/en-us_image_0000001675413845.png
|
||||||
@ -10,7 +10,7 @@ Firewall
|
|||||||
- :ref:`Creating a Firewall <en-us_topic_0051746698>`
|
- :ref:`Creating a Firewall <en-us_topic_0051746698>`
|
||||||
- :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`
|
- :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`
|
||||||
- :ref:`Associating Subnets with a Firewall <en-us_topic_0051746700>`
|
- :ref:`Associating Subnets with a Firewall <en-us_topic_0051746700>`
|
||||||
- :ref:`Disassociating a Subnet from a Firewall <vpc_acl_0003>`
|
- :ref:`Disassociating Subnets from a Firewall <vpc_acl_0003>`
|
||||||
- :ref:`Changing the Sequence of a Firewall Rule <vpc_acl_0004>`
|
- :ref:`Changing the Sequence of a Firewall Rule <vpc_acl_0004>`
|
||||||
- :ref:`Modifying a Firewall Rule <vpc_acl_0005>`
|
- :ref:`Modifying a Firewall Rule <vpc_acl_0005>`
|
||||||
- :ref:`Enabling or Disabling a Firewall Rule <vpc_acl_0006>`
|
- :ref:`Enabling or Disabling a Firewall Rule <vpc_acl_0006>`
|
||||||
@ -29,7 +29,7 @@ Firewall
|
|||||||
creating_a_firewall
|
creating_a_firewall
|
||||||
adding_a_firewall_rule
|
adding_a_firewall_rule
|
||||||
associating_subnets_with_a_firewall
|
associating_subnets_with_a_firewall
|
||||||
disassociating_a_subnet_from_a_firewall
|
disassociating_subnets_from_a_firewall
|
||||||
changing_the_sequence_of_a_firewall_rule
|
changing_the_sequence_of_a_firewall_rule
|
||||||
modifying_a_firewall_rule
|
modifying_a_firewall_rule
|
||||||
enabling_or_disabling_a_firewall_rule
|
enabling_or_disabling_a_firewall_rule
|
||||||
|
|||||||
@ -37,49 +37,49 @@ Procedure
|
|||||||
|
|
||||||
.. table:: **Table 1** Parameter descriptions
|
.. table:: **Table 1** Parameter descriptions
|
||||||
|
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+========================+========================================================================================================================================================================================+=======================+
|
+========================+=================================================================================================================================================================================================================================================================================================================================+=======================+
|
||||||
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
| | - IP address: | |
|
| | - IP address: | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Single IP address: 192.168.10.10/32 | |
|
| | - Single IP address: 192.168.10.10/32 | |
|
||||||
| | - All IP addresses: 0.0.0.0/0 | |
|
| | - All IP addresses: 0.0.0.0/0 | |
|
||||||
| | - IP address range: 192.168.1.0/24 | |
|
| | - IP address range: 192.168.1.0/24 | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Security group: sg-A | |
|
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||||
| | | |
|
| | | |
|
||||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
| | - IP address: | |
|
| | - IP address: | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Single IP address: 192.168.10.10/32 | |
|
| | - Single IP address: 192.168.10.10/32 | |
|
||||||
| | - All IP addresses: 0.0.0.0/0 | |
|
| | - All IP addresses: 0.0.0.0/0 | |
|
||||||
| | - IP address range: 192.168.1.0/24 | |
|
| | - IP address range: 192.168.1.0/24 | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - Security group: sg-A | |
|
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
|
||||||
| | | |
|
| | | |
|
||||||
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
|
||||||
| | | |
|
| | | |
|
||||||
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||||
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
|
||||||
7. Click **Confirm**.
|
7. Click **Confirm**.
|
||||||
|
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,71 @@
|
|||||||
|
:original_name: SecurityGroup_0005.html
|
||||||
|
|
||||||
|
.. _SecurityGroup_0005:
|
||||||
|
|
||||||
|
Allowing Common Ports with A Few Clicks
|
||||||
|
=======================================
|
||||||
|
|
||||||
|
Scenarios
|
||||||
|
---------
|
||||||
|
|
||||||
|
You can configure a security group to allow common ports with a few clicks. This function is suitable for the following scenarios:
|
||||||
|
|
||||||
|
- Remotely log in to ECSs.
|
||||||
|
- Use the ping command to test ECS connectivity.
|
||||||
|
- ECSs functioning as web servers provide website access services.
|
||||||
|
|
||||||
|
:ref:`Table 1 <securitygroup_0005__table117828131111>` describes the common ports that can be opened with a few clicks.
|
||||||
|
|
||||||
|
.. _securitygroup_0005__table117828131111:
|
||||||
|
|
||||||
|
.. table:: **Table 1** Common ports
|
||||||
|
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| Direction | Protocol & Port & Type | Source/Destination | Description |
|
||||||
|
+=================+========================+====================+===================================================================================================================================+
|
||||||
|
| Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. |
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. |
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. |
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. |
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| | TCP: 20-21 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over ports 20 and 21 (FTP) for uploading or downloading files. |
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. |
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. |
|
||||||
|
| | | | |
|
||||||
|
| | All (IPv6) | ::/0 | |
|
||||||
|
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
|
||||||
|
Procedure
|
||||||
|
---------
|
||||||
|
|
||||||
|
#. Log in to the management console.
|
||||||
|
|
||||||
|
#. Click |image1| in the upper left corner and select the desired region and project.
|
||||||
|
|
||||||
|
#. Click |image2| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
|
||||||
|
|
||||||
|
The **Virtual Private Cloud** page is displayed.
|
||||||
|
|
||||||
|
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
|
||||||
|
The security group list is displayed.
|
||||||
|
|
||||||
|
#. In the security group list, click the name of the security group.
|
||||||
|
|
||||||
|
The security group details page is displayed.
|
||||||
|
|
||||||
|
#. Click the **Inbound Rules** or **Outbound Rules** tab, and then click **Allow Common Ports**.
|
||||||
|
|
||||||
|
The **Allow Common Ports** page is displayed.
|
||||||
|
|
||||||
|
#. Click **OK**.
|
||||||
|
|
||||||
|
After the operation is complete, you can view the added rules in the security group rule list.
|
||||||
|
|
||||||
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
|
.. |image2| image:: /_static/images/en-us_image_0000001646961692.png
|
||||||
@ -16,10 +16,6 @@ You can clone a security group in the following scenarios:
|
|||||||
- If you need new security group rules, you can clone the original security group as a backup.
|
- If you need new security group rules, you can clone the original security group as a backup.
|
||||||
- Before you modify security group rules used by a service, you can clone the security group and modify the security group rules in the test environment to ensure that the modified rules work.
|
- Before you modify security group rules used by a service, you can clone the security group and modify the security group rules in the test environment to ensure that the modified rules work.
|
||||||
|
|
||||||
.. note::
|
|
||||||
|
|
||||||
Security group cloning is not supported now.
|
|
||||||
|
|
||||||
Notes and Constraints
|
Notes and Constraints
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
Default Security Group and Its Rules
|
Default Security Group and Its Rules
|
||||||
====================================
|
====================================
|
||||||
|
|
||||||
If you have not created any security group, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:
|
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:
|
||||||
|
|
||||||
- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
|
- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
|
||||||
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.
|
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@ -51,36 +51,42 @@ Procedure
|
|||||||
|
|
||||||
.. table:: **Table 1** Template parameters
|
.. table:: **Table 1** Template parameters
|
||||||
|
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+=======================+=============================================================================================================================================================================+====================================+
|
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+====================================+
|
||||||
| Direction | The direction in which the security group rule takes effect. | Inbound |
|
| Direction | The direction in which the security group rule takes effect. | Inbound |
|
||||||
| | | |
|
| | | |
|
||||||
| | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | |
|
| | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | |
|
||||||
| | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | |
|
| | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
| | | |
|
| | | |
|
||||||
| | - IP address: | |
|
| | - IPv4 | |
|
||||||
| | | |
|
| | - IPv6 | |
|
||||||
| | - Single IP address: 192.168.10.10/32 | |
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| | - All IP addresses: 0.0.0.0/0 | |
|
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
||||||
| | - IP address range: 192.168.1.0/24 | |
|
| | | |
|
||||||
| | | |
|
| | - IP address: | |
|
||||||
| | - Security group: sg-A | |
|
| | | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
| | - Single IP address: 192.168.10.10/32 | |
|
||||||
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
| | - All IP addresses: 0.0.0.0/0 | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
| | - IP address range: 192.168.1.0/24 | |
|
||||||
| Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` |
|
| | | |
|
||||||
| | | |
|
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
|
||||||
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
|
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
||||||
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
|
| Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` |
|
||||||
|
| | | |
|
||||||
|
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
|
||||||
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001675254013.png
|
.. |image2| image:: /_static/images/en-us_image_0000001675254013.png
|
||||||
|
|||||||
@ -14,6 +14,7 @@ Security Group
|
|||||||
- :ref:`Deleting a Security Group <vpc_securitygroup_0008>`
|
- :ref:`Deleting a Security Group <vpc_securitygroup_0008>`
|
||||||
- :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`
|
- :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`
|
||||||
- :ref:`Fast-Adding Security Group Rules <securitygroup_0004>`
|
- :ref:`Fast-Adding Security Group Rules <securitygroup_0004>`
|
||||||
|
- :ref:`Allowing Common Ports with A Few Clicks <securitygroup_0005>`
|
||||||
- :ref:`Modifying a Security Group Rule <vpc_securitygroup_0005>`
|
- :ref:`Modifying a Security Group Rule <vpc_securitygroup_0005>`
|
||||||
- :ref:`Replicating a Security Group Rule <vpc_securitygroup_0004>`
|
- :ref:`Replicating a Security Group Rule <vpc_securitygroup_0004>`
|
||||||
- :ref:`Importing and Exporting Security Group Rules <vpc_securitygroup_0007>`
|
- :ref:`Importing and Exporting Security Group Rules <vpc_securitygroup_0007>`
|
||||||
@ -35,6 +36,7 @@ Security Group
|
|||||||
deleting_a_security_group
|
deleting_a_security_group
|
||||||
adding_a_security_group_rule
|
adding_a_security_group_rule
|
||||||
fast-adding_security_group_rules
|
fast-adding_security_group_rules
|
||||||
|
allowing_common_ports_with_a_few_clicks
|
||||||
modifying_a_security_group_rule
|
modifying_a_security_group_rule
|
||||||
replicating_a_security_group_rule
|
replicating_a_security_group_rule
|
||||||
importing_and_exporting_security_group_rules
|
importing_and_exporting_security_group_rules
|
||||||
|
|||||||
@ -8,9 +8,9 @@ Security Groups and Security Group Rules
|
|||||||
Security Groups
|
Security Groups
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group.
|
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group.
|
||||||
|
|
||||||
If you have not created any security group yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`.
|
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. For details about the default security group, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`.
|
||||||
|
|
||||||
Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.
|
Security groups are stateful. If you send a request from your instance and the outbound traffic is allowed, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Similarly, if inbound traffic is allowed, responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.
|
||||||
|
|
||||||
@ -29,42 +29,46 @@ A security group has inbound and outbound rules to control traffic that's allowe
|
|||||||
|
|
||||||
.. table:: **Table 1** Security group rule information
|
.. table:: **Table 1** Security group rule information
|
||||||
|
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Parameter | Description |
|
| Parameter | Description |
|
||||||
+===================================+========================================================================================================================================================================================================================+
|
+===================================+=====================================================================================================================================================================================================================================+
|
||||||
| Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. |
|
| Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. |
|
| Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. |
|
||||||
| | |
|
| | |
|
||||||
| | - Inbound rules control incoming traffic over specific ports to instances in the security group. |
|
| | - Inbound rules control incoming traffic over specific ports to instances in the security group. |
|
||||||
| | - Outbound rules control outgoing traffic over specific ports from instances in the security group. |
|
| | - Outbound rules control outgoing traffic over specific ports from instances in the security group. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: |
|
| Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: |
|
||||||
| | |
|
| | |
|
||||||
| | - IP address: |
|
| | - IP address: |
|
||||||
| | |
|
| | |
|
||||||
| | - Example IPv4 address: 192.168.10.10/32 |
|
| | - Example IPv4 address: 192.168.10.10/32 |
|
||||||
| | - Example IPv6 address: 2002:50::44/128 |
|
| | - Example IPv6 address: 2002:50::44/128 |
|
||||||
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
||||||
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
||||||
| | |
|
| | |
|
||||||
| | - Security group: You can select another security group in the same region under the current account as the source. |
|
| | - Security group: You can select another security group in the same region under the current account as the source. |
|
||||||
| | |
|
| | |
|
||||||
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. |
|
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
| | |
|
||||||
| Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: |
|
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the source to help you manage them in a more simple way. |
|
||||||
| | |
|
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| | - IP address: |
|
| Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: |
|
||||||
| | |
|
| | |
|
||||||
| | - Example IPv4 address: 192.168.10.10/32 |
|
| | - IP address: |
|
||||||
| | - Example IPv6 address: 2002:50::44/128 |
|
| | |
|
||||||
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
| | - Example IPv4 address: 192.168.10.10/32 |
|
||||||
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
| | - Example IPv6 address: 2002:50::44/128 |
|
||||||
| | |
|
| | - Example IPv4 address range: 192.168.52.0/24 All IPv4 addresses: 0.0.0.0/0 |
|
||||||
| | - Security group: You can select another security group in the same region under the current account as the destination. |
|
| | - Example IPv6 address range: 2407:c080:802:469::/64 All IPv6 addresses: ::/0 |
|
||||||
| | |
|
| | |
|
||||||
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. |
|
| | - Security group: You can select another security group in the same region under the current account as the destination. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
| | |
|
||||||
|
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. |
|
||||||
|
| | |
|
||||||
|
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the destination to help you manage them in a more simple way. |
|
||||||
|
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
|
||||||
Like whitelists, security group rules work as follows:
|
Like whitelists, security group rules work as follows:
|
||||||
|
|
||||||
|
|||||||
@ -8,6 +8,30 @@ Change History
|
|||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Released On | Description |
|
| Released On | Description |
|
||||||
+===================================+====================================================================================================================================================================================================================================================================================================================================+
|
+===================================+====================================================================================================================================================================================================================================================================================================================================+
|
||||||
|
| 2023-12-19 | This release incorporates the following changes: |
|
||||||
|
| | |
|
||||||
|
| | Added screenshots in :ref:`How Do I Configure a Security Group for Multi-Channel Protocols? <vpc_faq_0059>`. |
|
||||||
|
| | |
|
||||||
|
| | Modified the table in :ref:`Why Can't I Delete My VPCs and Subnets? <vpc_faq_0075>`. |
|
||||||
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| 2023-12-18 | This release incorporates the following changes: |
|
||||||
|
| | |
|
||||||
|
| | Added IPv6-related content. |
|
||||||
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| 2023-12-12 | This release incorporates the following changes: |
|
||||||
|
| | |
|
||||||
|
| | Added descriptions about security group and IP address group as source or destination in :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`. |
|
||||||
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| 2023-11-30 | This release incorporates the following changes: |
|
||||||
|
| | |
|
||||||
|
| | Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`. |
|
||||||
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
| 2023-11-14 | This release incorporates the following changes: |
|
||||||
|
| | |
|
||||||
|
| | Added the following content: |
|
||||||
|
| | |
|
||||||
|
| | Added description about allowing common ports with a few clicks in :ref:`Allowing Common Ports with A Few Clicks <securitygroup_0005>`. |
|
||||||
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| 2023-10-10 | This release incorporates the following changes: |
|
| 2023-10-10 | This release incorporates the following changes: |
|
||||||
| | |
|
| | |
|
||||||
| | - Added the figure for configuring route tables in :ref:`Route Table <en-us_topic_0038263963>`. |
|
| | - Added the figure for configuring route tables in :ref:`Route Table <en-us_topic_0038263963>`. |
|
||||||
|
|||||||
@ -49,7 +49,7 @@ Procedure
|
|||||||
|
|
||||||
#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
|
#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
|
||||||
|
|
||||||
#. Click the search box and then click **Tag** in the drop-down list.
|
#. Click the search box above the EIP list.
|
||||||
|
|
||||||
#. Select the tag key and value of the EIP.
|
#. Select the tag key and value of the EIP.
|
||||||
|
|
||||||
|
|||||||
@ -18,7 +18,7 @@ You can configure port 69 and configure data channel ports used by TFTP for the
|
|||||||
The following figure provides an example of the security group rule configuration if the ports used by data channels range from 60001 to 60100.
|
The following figure provides an example of the security group rule configuration if the ports used by data channels range from 60001 to 60100.
|
||||||
|
|
||||||
|
|
||||||
.. figure:: /_static/images/en-us_image_0129473334.png
|
.. figure:: /_static/images/en-us_image_0000001796404809.png
|
||||||
:alt: **Figure 1** Security group rules
|
:alt: **Figure 1** Security group rules
|
||||||
|
|
||||||
**Figure 1** Security group rules
|
**Figure 1** Security group rules
|
||||||
|
|||||||
@ -98,6 +98,8 @@ Before deleting a VPC, ensure that all subnets in the VPC have been deleted. You
|
|||||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||||
| Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. |
|
| Delete the virtual gateway that is using the VPC and then delete the VPC. | The VPC is being used by a Direct Connect virtual gateway. | On the Direct Connect console, locate the virtual gateway and delete it. |
|
||||||
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||||
|
| Delete the VPN gateway that is using the VPC and then delete the VPC. | The VPC is being used by a VPN gateway. | On the VPN console, locate the VPN gateway and delete it. |
|
||||||
|
+---------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+
|
||||||
| Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. |
|
| Delete all custom security groups in this region and then delete this last VPC. | In the current region, this is the last VPC and there are custom security groups. | Delete all custom security groups and then delete the VPC. |
|
||||||
| | | |
|
| | | |
|
||||||
| | .. important:: | :ref:`Deleting a Security Group <vpc_securitygroup_0008>` |
|
| | .. important:: | :ref:`Deleting a Security Group <vpc_securitygroup_0008>` |
|
||||||
|
|||||||
@ -56,7 +56,11 @@ Configuring a VPC for ECSs That Access the Internet Using EIPs
|
|||||||
| | | | |
|
| | | | |
|
||||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||||
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||||
|
| | | | |
|
||||||
|
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
|||||||
@ -66,7 +66,11 @@ Procedure
|
|||||||
| | | | |
|
| | | | |
|
||||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||||
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||||
|
| | | | |
|
||||||
|
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
|||||||
@ -48,7 +48,11 @@ Procedure
|
|||||||
| | | |
|
| | | |
|
||||||
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
| IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||||
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||||
|
| | | |
|
||||||
|
| | If you select this option, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@ -66,7 +66,11 @@ Procedure
|
|||||||
| | | | |
|
| | | | |
|
||||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||||
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||||
|
| | | | |
|
||||||
|
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
|||||||
@ -48,7 +48,11 @@ Procedure
|
|||||||
| | | |
|
| | | |
|
||||||
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
| IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||||
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||||
|
| | | |
|
||||||
|
| | If you select this option, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@ -12,7 +12,7 @@ You can create custom policies in either of the following ways:
|
|||||||
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
|
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
|
||||||
- JSON: Edit JSON policies from scratch or based on an existing policy.
|
- JSON: Edit JSON policies from scratch or based on an existing policy.
|
||||||
|
|
||||||
For operation details, see `Creating a Custom Policy <https://docs.otc.t-systems.com/usermanual/iam/en-us_topic_0274187246.html>`__. The following section contains examples of common VPC custom policies.
|
For operation details, see `Creating a Custom Policy <https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/permissions/creating_a_custom_policy.html>`__. The following section contains examples of common VPC custom policies.
|
||||||
|
|
||||||
Example Custom Policies
|
Example Custom Policies
|
||||||
-----------------------
|
-----------------------
|
||||||
|
|||||||
@ -60,7 +60,7 @@ Procedure
|
|||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
[root@localhost ~]# ping www.google.com
|
[root@localhost ~]# ping www.google.com
|
||||||
PING www.XXX.com (xxx.xxx.xxx.xxx) 56(84) bytes of data.
|
PING www.google.com (xxx.xxx.xxx.xxx) 56(84) bytes of data.
|
||||||
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms
|
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=51 time=9.34 ms
|
||||||
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms
|
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=51 time=9.11 ms
|
||||||
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms
|
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=51 time=8.99 ms
|
||||||
|
|||||||
@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network
|
|||||||
|
|
||||||
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
|
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
|
||||||
|
|
||||||
The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic.
|
The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic.
|
||||||
|
|
||||||
Route
|
Route
|
||||||
-----
|
-----
|
||||||
@ -35,8 +35,14 @@ You can add routes to default and custom route tables and configure the destinat
|
|||||||
After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other.
|
After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other.
|
||||||
|
|
||||||
- Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20.
|
- Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20.
|
||||||
|
|
||||||
- Routes whose destination is a subnet CIDR block.
|
- Routes whose destination is a subnet CIDR block.
|
||||||
|
|
||||||
|
If you enable IPv6 when creating a subnet, the system automatically assigns an IPv6 CIDR block to the subnet. Then, you can view IPv6 routes in its route table. Example destinations of subnet CIDR blocks are as follows:
|
||||||
|
|
||||||
|
- IPv4: 192.168.2.0/24
|
||||||
|
- IPv6: 2407:c080:802:be7::/64
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address.
|
In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address.
|
||||||
|
|||||||
@ -23,7 +23,7 @@ A route table contains a set of routes that are used to determine where network
|
|||||||
|
|
||||||
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
|
- Custom route table: If you do not want to use the default route table, you can create a custom route table and associate it with the subnet. Custom route tables can be deleted if they are no longer required.
|
||||||
|
|
||||||
The custom route table associated with a subnet affects only the outbound traffic. The default route table controls the inbound traffic.
|
The custom route table associated with a subnet affects only the outbound traffic. The default route table of a subnet controls the inbound traffic.
|
||||||
|
|
||||||
Route
|
Route
|
||||||
-----
|
-----
|
||||||
@ -35,8 +35,14 @@ You can add routes to default and custom route tables and configure the destinat
|
|||||||
After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other.
|
After a route table is created, the system automatically adds the following system routes to the route table, so that instances in a VPC can communicate with each other.
|
||||||
|
|
||||||
- Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20.
|
- Routes whose destination is 100.64.0.0/10 or 198.19.128.0/20.
|
||||||
|
|
||||||
- Routes whose destination is a subnet CIDR block.
|
- Routes whose destination is a subnet CIDR block.
|
||||||
|
|
||||||
|
If you enable IPv6 when creating a subnet, the system automatically assigns an IPv6 CIDR block to the subnet. Then, you can view IPv6 routes in its route table. Example destinations of subnet CIDR blocks are as follows:
|
||||||
|
|
||||||
|
- IPv4: 192.168.2.0/24
|
||||||
|
- IPv6: 2407:c080:802:be7::/64
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address.
|
In addition to the preceding system routes, the system automatically adds a route whose destination is 127.0.0.0/8. This is the local loopback address.
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
Security Group
|
Security Group
|
||||||
==============
|
==============
|
||||||
|
|
||||||
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group, these rules will apply to all cloud resources added to this security group.
|
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can create various access rules for the security group and these rules will apply to all cloud resources added to this security group.
|
||||||
|
|
||||||
Like whitelists, security group rules work as follows:
|
Like whitelists, security group rules work as follows:
|
||||||
|
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
VPC Peering Connection
|
VPC Peering Connection
|
||||||
======================
|
======================
|
||||||
|
|
||||||
A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
||||||
|
|
||||||
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.
|
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.
|
||||||
|
|
||||||
|
|||||||
@ -27,6 +27,11 @@ Procedure
|
|||||||
|
|
||||||
#. Click the **IP Addresses** tab and click **Assign Virtual IP Address**.
|
#. Click the **IP Addresses** tab and click **Assign Virtual IP Address**.
|
||||||
|
|
||||||
|
#. Select an IP address type. This parameter is available only in regions supporting IPv6.
|
||||||
|
|
||||||
|
- IPv4
|
||||||
|
- IPv6
|
||||||
|
|
||||||
#. Select a virtual IP address assignment mode.
|
#. Select a virtual IP address assignment mode.
|
||||||
|
|
||||||
- **Automatic**: The system assigns an IP address automatically.
|
- **Automatic**: The system assigns an IP address automatically.
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@ -7,6 +7,7 @@ VPC and Subnet
|
|||||||
|
|
||||||
- :ref:`VPC <vpc_0003>`
|
- :ref:`VPC <vpc_0003>`
|
||||||
- :ref:`Subnet <vpc_0004>`
|
- :ref:`Subnet <vpc_0004>`
|
||||||
|
- :ref:`IPv4 and IPv6 Dual-Stack Network <vpc_0002>`
|
||||||
|
|
||||||
.. toctree::
|
.. toctree::
|
||||||
:maxdepth: 1
|
:maxdepth: 1
|
||||||
@ -14,3 +15,4 @@ VPC and Subnet
|
|||||||
|
|
||||||
vpc/index
|
vpc/index
|
||||||
subnet/index
|
subnet/index
|
||||||
|
ipv4_and_ipv6_dual-stack_network
|
||||||
|
|||||||
101
umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst
Normal file
101
umn/source/vpc_and_subnet/ipv4_and_ipv6_dual-stack_network.rst
Normal file
File diff suppressed because it is too large
Load Diff
@ -48,7 +48,11 @@ Procedure
|
|||||||
| | | |
|
| | | |
|
||||||
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
| | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
| IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||||
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||||
|
| | | |
|
||||||
|
| | If you select this option, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
| Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||||
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+--------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
|||||||
@ -57,14 +57,14 @@ Procedure
|
|||||||
|
|
||||||
The **Subnets** page is displayed.
|
The **Subnets** page is displayed.
|
||||||
|
|
||||||
#. Click **+** to add another tag key and value.
|
|
||||||
|
|
||||||
You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for subnets, the subnets containing all specified tags will be displayed.
|
|
||||||
|
|
||||||
#. In the search box above the subnet list, click the search box.
|
#. In the search box above the subnet list, click the search box.
|
||||||
|
|
||||||
Click the tag key and then the value as required. The system filters resources based on the tag you select.
|
Click the tag key and then the value as required. The system filters resources based on the tag you select.
|
||||||
|
|
||||||
|
Click anywhere in the search box to add the next tag key and value.
|
||||||
|
|
||||||
|
You can add multiple tag keys and values to refine your search results. If you add more than one tag to search for VPCs, the VPCs containing all specified tags will be displayed.
|
||||||
|
|
||||||
**Add, delete, edit, and view tags on the Tags tab of a subnet.**
|
**Add, delete, edit, and view tags on the Tags tab of a subnet.**
|
||||||
|
|
||||||
#. Log in to the management console.
|
#. Log in to the management console.
|
||||||
|
|||||||
@ -66,7 +66,11 @@ Procedure
|
|||||||
| | | | |
|
| | | | |
|
||||||
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
| | | The name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
| Default Subnet | IPv4 CIDR Block | The CIDR block for the subnet. This value must be within the VPC CIDR block. | 192.168.0.0/24 |
|
||||||
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
| Default Subnet | IPv6 CIDR Block | Specifies whether to set **IPv6 CIDR Block** to **Enable**. | ``-`` |
|
||||||
|
| | | | |
|
||||||
|
| | | After the IPv6 function is enabled, the system automatically assigns an IPv6 CIDR block to the created subnet. Currently, the IPv6 CIDR block cannot be customized. IPv6 cannot be disabled after the subnet is created. | |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
| Default Subnet | Associated Route Table | The default route table to which the subnet will be associated. You can change the route table to a custom route table on the **Subnets** page. | Default |
|
||||||
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
+-------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+
|
||||||
|
|||||||
@ -53,7 +53,7 @@ Procedure
|
|||||||
|
|
||||||
The **Virtual Private Cloud** page is displayed.
|
The **Virtual Private Cloud** page is displayed.
|
||||||
|
|
||||||
#. In the search box above the subnet list, click the search box.
|
#. In the search box above the VPC list, click anywhere in the search box.
|
||||||
|
|
||||||
Click the tag key and then the value as required. The system filters resources based on the tag you select.
|
Click the tag key and then the value as required. The system filters resources based on the tag you select.
|
||||||
|
|
||||||
|
|||||||
@ -62,7 +62,7 @@ Procedure
|
|||||||
| | - **Accepted traffic**: specifies that only accepted traffic of the specified resource will be logged. Accepted traffic refers to the traffic permitted by the security group or firewall. | |
|
| | - **Accepted traffic**: specifies that only accepted traffic of the specified resource will be logged. Accepted traffic refers to the traffic permitted by the security group or firewall. | |
|
||||||
| | - **Rejected traffic**: specifies that only rejected traffic of the specified resource will be logged. Rejected traffic refers to the traffic denied by the firewall. | |
|
| | - **Rejected traffic**: specifies that only rejected traffic of the specified resource will be logged. Rejected traffic refers to the traffic denied by the firewall. | |
|
||||||
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Log Group | The log group created in LTS. | lts-group-wule |
|
| Log Group | The log group created in LTS. | lts-group-abc |
|
||||||
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Log Topic | The log topic created in LTS. | LogTopic1 |
|
| Log Topic | The log topic created in LTS. | LogTopic1 |
|
||||||
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
|||||||
@ -8,7 +8,13 @@ Enabling or Disabling VPC Flow Log
|
|||||||
Scenarios
|
Scenarios
|
||||||
---------
|
---------
|
||||||
|
|
||||||
After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record traffic data, you can disable the corresponding VPC flow log. The disabled VPC flow log can be enabled again.
|
After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record flow log data, you can disable the corresponding VPC flow log. A disabled VPC flow log can be enabled again.
|
||||||
|
|
||||||
|
Notes and Constraints
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
- After a VPC flow log is enabled, the system starts to collect flow logs in the next log collection period.
|
||||||
|
- After a VPC flow log is disabled, the system stops collecting flow logs in the next log collection period. Generated flow logs will still be reported.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
|
|||||||
@ -5,6 +5,9 @@
|
|||||||
VPC Flow Log Overview
|
VPC Flow Log Overview
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
|
What Is a VPC Flow Log?
|
||||||
|
-----------------------
|
||||||
|
|
||||||
A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification.
|
A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification.
|
||||||
|
|
||||||
VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 <flowlog_0002__fig1535115691415>` shows the process for configuring VPC flow logs.
|
VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 <flowlog_0002__fig1535115691415>` shows the process for configuring VPC flow logs.
|
||||||
|
|||||||
@ -14,10 +14,13 @@ This following describes how to create a VPC peering connection between VPC-A in
|
|||||||
|
|
||||||
Procedure:
|
Procedure:
|
||||||
|
|
||||||
#. :ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655038__section14616192294815>`
|
:ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655038__section14616192294815>`
|
||||||
#. :ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request <en-us_topic_0046655038__section497322311429>`
|
|
||||||
#. :ref:`Step 3: Add Routes for the VPC Peering Connection <en-us_topic_0046655038__section519111175712>`
|
:ref:`Step 2: Peer Account Accepts the VPC Peering Connection Request <en-us_topic_0046655038__section497322311429>`
|
||||||
#. :ref:`Step 4: Verify Network Connectivity <en-us_topic_0046655038__section920942154519>`
|
|
||||||
|
:ref:`Step 3: Add Routes for the VPC Peering Connection <en-us_topic_0046655038__section519111175712>`
|
||||||
|
|
||||||
|
:ref:`Step 4: Verify Network Connectivity <en-us_topic_0046655038__section920942154519>`
|
||||||
|
|
||||||
|
|
||||||
.. figure:: /_static/images/en-us_image_0000001464757610.png
|
.. figure:: /_static/images/en-us_image_0000001464757610.png
|
||||||
|
|||||||
@ -14,9 +14,11 @@ This following describes how to create a VPC peering connection between VPC-A an
|
|||||||
|
|
||||||
Procedure:
|
Procedure:
|
||||||
|
|
||||||
#. :ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655037__section143383585438>`
|
:ref:`Step 1: Create a VPC Peering Connection <en-us_topic_0046655037__section143383585438>`
|
||||||
#. :ref:`Step 2: Add Routes for the VPC Peering Connection <en-us_topic_0046655037__section19655123018712>`
|
|
||||||
#. :ref:`Step 3: Verify Network Connectivity <en-us_topic_0046655037__section026312306414>`
|
:ref:`Step 2: Add Routes for the VPC Peering Connection <en-us_topic_0046655037__section19655123018712>`
|
||||||
|
|
||||||
|
:ref:`Step 3: Verify Network Connectivity <en-us_topic_0046655037__section026312306414>`
|
||||||
|
|
||||||
|
|
||||||
.. figure:: /_static/images/en-us_image_0000001512876289.png
|
.. figure:: /_static/images/en-us_image_0000001512876289.png
|
||||||
|
|||||||
@ -8,7 +8,7 @@ VPC Peering Connection Overview
|
|||||||
What Is a VPC Peering Connection?
|
What Is a VPC Peering Connection?
|
||||||
---------------------------------
|
---------------------------------
|
||||||
|
|
||||||
A VPC peering connection is a networking connection between two VPCs and enables them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
A VPC peering connection is a networking connection that connects two VPCs for them to communicate using private IP addresses. The VPCs to be peered can be in the same account or different accounts, but must be in the same region.
|
||||||
|
|
||||||
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.
|
- You can use VPC peering connections to build networks in different scenarios. For details, see :ref:`VPC Peering Connection Usage Examples <en-us_topic_0046809840>`.
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user