sgode/virtual-private-cloud
1
0
Fork 0
forked from docs/virtual-private-cloud
Code Pull Requests Activity
virtual-private-cloud/umn/source/security/security_group/creating_a_security_group.rst

12 KiB
Raw Blame History

original_name

en-us_topic_0013748715.html

Creating a Security Group

Scenarios

A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. A security group consists of inbound and outbound rules.

Notes and Constraints

Each ECS must be associated with at least one security group. If you have no security group when creating an ECS, the system automatically creates a default security group (default) for the ECS. For details about the rules in the default security group, see Default Security Groups and Security Group Rules <securitygroup_0003>.

Procedure

  1. Log in to the management console.

  2. Click image1 in the upper left corner and select the desired region and project.

  3. Click image2 in the upper left corner and choose Network > Virtual Private Cloud.

  4. In the navigation pane on the left, choose Access Control > Security Groups.

    The security group list is displayed.

  5. In the upper right corner, click Create Security Group.

    The Create Security Group page is displayed.

  6. Configure the parameters as prompted.

    Figure 1 Create Security Group
    Table 1 Parameter description
    Parameter Description Example Value
    Name

    Mandatory

    Enter the security group name.

    The security group name can contain a maximum of 64 characters, which may consist of letters, digits, underscores (_), hyphens (-), and periods (.). The name cannot contain spaces.

    Note

    You can change the security group name after a security group is created. It is recommended that you give each security group a different name.

    		 sg-AB
    Enterprise Project

    Mandatory

    When creating a security group, you can add the security group to an enabled enterprise project.

    An enterprise project facilitates project-level management and grouping of cloud resources and users. The name of the default project is default.

    		 default
    Template

    Mandatory

    A template comes with default security group rules, helping you quickly create security groups. The following templates are provided:

    • Custom: This template allows you to create security groups with custom security group rules.
    • General-purpose web server: The security group that you create using this template is for general-purpose web servers and includes default rules that allow all inbound ICMP traffic and allow inbound traffic on ports 22, 80, 443, and 3389.
    • All ports open: The security group that you create using this template includes default rules that allow inbound traffic on any port. Note that allowing inbound traffic on any port poses security risks.
    		 General-purpose web server
    Description

    Optional

    Supplementary information about the security group. This parameter is optional.

    The security group description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    		 N/A

  7. Confirm the inbound and outbound rules of the template and click OK.