Files

fanqinying d2f00b744a VPC UMN 20241224 version

Reviewed-by: Szirovicza Gergő <a94652429@noreply.gitea.eco.tsi-dev.otc-service.com>
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: fanqinying <fanqinying@huawei.com>
Co-committed-by: fanqinying <fanqinying@huawei.com>

2025-09-11 07:29:55 +00:00

13 KiB

Raw Permalink Blame History

Default Security Group and Its Rules

If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance when you create it. A default security group has the following rules:

Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
Outbound rules allow all outbound traffic and response traffic to the outbound requests.

Figure 1 Default security group

You cannot delete the default security group, but you can modify existing rules or add rules to the group.
The default security group denies all external requests. To log in to an instance associated with this security group, add a security group rule by referring to Remotely Logging In to an ECS from a Local Server.

Table 1 describes the default rules for the default security group.

**Table 1** Rules in the default security group
Direction	Action	Type	Protocol & Port	Source/Destination	Description
Inbound	Allow	IPv4	TCP: 22	Source: 0.0.0.0/0	Allows IPv4 traffic to reach instances in the security group over SSH port 22 for remotely logging in to Linux instances.
Inbound	Allow	IPv4	TCP: 3389	Source: 0.0.0.0/0	Allows IPv4 traffic to reach instances in the security group over RDP port 3389 for remotely logging in to Windows instances.
Inbound	Allow	IPv4	TCP: 80	Source: 0.0.0.0/0	Allows IPv4 traffic to reach the websites deployed on the instances in the security group over HTTP port 80.
Inbound	Allow	IPv4	TCP: 443	Source: 0.0.0.0/0	Allows IPv4 traffic to reach the websites deployed on the instances in the security group over HTTPS port 443.
Inbound	Allow	IPv4	ICMP: all	Source: 0.0.0.0/0	Allows external IPv4 servers to ping the instances in the security group to verify the network connectivity.
Inbound	Allow	IPv4	All	Source: Default security group (default)	Allows IPv4 instances in the security group to communicate with each other using any protocol over any port.
Inbound	Allow	IPv6	All	Source: Default security group (default)	Allows IPv6 instances in the security group to communicate with each other using any protocol over any port.
Outbound	Allow	IPv4	All	Destination: 0.0.0.0/0	Allows all traffic from the instances in the security group to any IPv4 address over any port.
Outbound	Allow	IPv6	All	Destination: ::/0	Allows all traffic from the instances in the security group to any IPv6 address over any port.

Parent topic: Security Group

13 KiB Raw Permalink Blame History

Default Security Group and Its Rules

13 KiB

Raw Permalink Blame History