forked from docs/doc-exports
Qin Ying, Fan
662ede2c6b
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com> Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
5.1 KiB
5.1 KiB
Default Security Group and Its Rules
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance when you create it. A default security group has the following rules:
- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.
Figure 1 Default security group
- You cannot delete the default security group, but you can modify existing rules or add rules to the group.
- The default security group denies all external requests. To log in to an instance associated with this security group, add a security group rule by referring to Remotely Logging In to an ECS from a Local Server.
Table 1 describes the default rules for the default security group.
Direction |
Protocol |
Port/Range |
Source/Destination |
Description |
|---|---|---|---|---|
Outbound |
All |
All |
Destination: 0.0.0.0/0 |
Allows all outbound traffic. |
Inbound |
All |
All |
Source: the current security group (for example, sg-xxxxx) |
Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets). |
Parent topic: Security Group