If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance when you create it. A default security group has the following rules:
- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.
Figure 1 Default security group
- You cannot delete the default security group, but you can modify existing rules or add rules to the group.
- The default security group denies all external requests. To log in to an instance associated with this security group, add a security group rule by referring to Remotely Logging In to an ECS from a Local Server.
Table 1 describes the default rules for the default security group.
Direction |
Protocol |
Port/Range |
Source/Destination |
Description |
|---|---|---|---|---|
Outbound |
All |
All |
Destination: 0.0.0.0/0 |
Allows all outbound traffic. |
Inbound |
All |
All |
Source: the current security group (for example, sg-xxxxx) |
Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets). |