forked from docs/virtual-private-cloud
2.7 KiB
2.7 KiB
- original_name
SecurityGroup_0003.html
Default Security Group
The system creates a default security group for each account. By default, the default security group rules:
- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups.
- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group.
Note
- You cannot delete the default security group, but you can modify the rules for the default security group.
- If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs.
Table 1 <securitygroup_0003__table493045171919> describes the default rules for the default security group.
| Direction | Protocol | Port/Range | Source/Destination | Description |
|---|---|---|---|---|
| Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic. |
| Inbound | All | All | Source: the current security group (for example, sg-xxxxx) | Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets). |