forked from docs/doc-exports
Qin Ying, Fan
38a9f4a4f1
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com> Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com> Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
4.9 KiB
4.9 KiB
Default Security Groups and Security Group Rules
The system creates a default security group for each account. By default, the default security group rules:
- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups.
- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group.
Figure 1 Default security group
- You cannot delete the default security group, but you can modify the rules for the default security group.
- If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs.
Table 1 describes the default rules for the default security group.
Direction |
Protocol |
Port/Range |
Source/Destination |
Description |
|---|---|---|---|---|
Outbound |
All |
All |
Destination: 0.0.0.0/0 |
Allows all outbound traffic. |
Inbound |
All |
All |
Source: the current security group (for example, sg-xxxxx) |
Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets). |
Parent topic: Security Group