- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.
- You cannot delete the default security group, but you can modify existing rules or add rules to the group.
- The default security group denies all external requests. To log in to an instance associated with this security group, add a security group rule by referring to Remotely Logging In to an ECS from a Local Server.
Table 1 describes the default rules for the default security group.
Direction |
Action |
Type |
Protocol & Port |
Source/Destination |
Description |
|---|---|---|---|---|---|
Inbound |
Allow |
IPv4 |
TCP: 22 |
Source: 0.0.0.0/0 |
Allows IPv4 traffic to reach instances in the security group over SSH port 22 for remotely logging in to Linux instances. |
Inbound |
Allow |
IPv4 |
TCP: 3389 |
Source: 0.0.0.0/0 |
Allows IPv4 traffic to reach instances in the security group over RDP port 3389 for remotely logging in to Windows instances. |
Inbound |
Allow |
IPv4 |
TCP: 80 |
Source: 0.0.0.0/0 |
Allows IPv4 traffic to reach the websites deployed on the instances in the security group over HTTP port 80. |
Inbound |
Allow |
IPv4 |
TCP: 443 |
Source: 0.0.0.0/0 |
Allows IPv4 traffic to reach the websites deployed on the instances in the security group over HTTPS port 443. |
Inbound |
Allow |
IPv4 |
ICMP: all |
Source: 0.0.0.0/0 |
Allows external IPv4 servers to ping the instances in the security group to verify the network connectivity. |
Inbound |
Allow |
IPv4 |
All |
Source: Default security group (default) |
Allows IPv4 instances in the security group to communicate with each other using any protocol over any port. |
Inbound |
Allow |
IPv6 |
All |
Source: Default security group (default) |
Allows IPv6 instances in the security group to communicate with each other using any protocol over any port. |
Outbound |
Allow |
IPv4 |
All |
Destination: 0.0.0.0/0 |
Allows all traffic from the instances in the security group to any IPv4 address over any port. |
Outbound |
Allow |
IPv6 |
All |
Destination: ::/0 |
Allows all traffic from the instances in the security group to any IPv6 address over any port. |