yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
main
doc-exports/docs/vpc/umn/vpc_Concepts_0005.html
Qin Ying, Fan 662ede2c6b VPC UMN 20240105 version 
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2024-04-18 12:13:40 +00:00

102 lines
10 KiB
HTML
Raw Permalink Blame History

<a name="vpc_Concepts_0005"></a><a name="vpc_Concepts_0005"></a>
<h1 class="topictitle1">Security Group</h1>
<div id="body8662426"><p id="vpc_Concepts_0005__p554165143114">A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted. After a security group is created, you can configure access rules that will apply to all cloud resources added to this security group.</p>
<div class="p" id="vpc_Concepts_0005__p235918127418">Like whitelists, security group rules work as follows:<ul id="vpc_Concepts_0005__en-us_topic_0118534002_ul17321794815"><li id="vpc_Concepts_0005__en-us_topic_0118534002_li21951340102811">Inbound rules control incoming traffic to instances in the security group.<p id="vpc_Concepts_0005__en-us_topic_0118534002_p8845145232816"><a name="vpc_Concepts_0005__en-us_topic_0118534002_li21951340102811"></a><a name="en-us_topic_0118534002_li21951340102811"></a>If an inbound request matches the source in an inbound security group rule, the request is allowed and other requests are denied.</p>
<p id="vpc_Concepts_0005__en-us_topic_0118534002_p3381768598">By default, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.</p>
</li><li id="vpc_Concepts_0005__en-us_topic_0118534002_li3132125172918">Outbound rules control outgoing traffic from instances in the security group.<p id="vpc_Concepts_0005__en-us_topic_0118534002_p12465163742911"><a name="vpc_Concepts_0005__en-us_topic_0118534002_li3132125172918"></a><a name="en-us_topic_0118534002_li3132125172918"></a>If the destination of an outbound security group rule is 0.0.0.0/0, all outbound requests are allowed.</p>
<p id="vpc_Concepts_0005__en-us_topic_0118534002_p1489123784816">0.0.0.0/0 represents all IPv4 addresses.</p>
<p id="vpc_Concepts_0005__en-us_topic_0118534002_p102143157544">::/0 represents all IPv6 addresses.</p>
</li></ul>
</div>
<div class="p" id="vpc_Concepts_0005__p7415534941"><a href="#vpc_Concepts_0005__en-us_topic_0118534002_table102261597217">Table 1</a> uses custom security group sg-AB as an example to describe its inbound and outbound rules in detail.
<div class="tablenoborder"><a name="vpc_Concepts_0005__en-us_topic_0118534002_table102261597217"></a><a name="en-us_topic_0118534002_table102261597217"></a><table cellpadding="4" cellspacing="0" summary="" id="vpc_Concepts_0005__en-us_topic_0118534002_table102261597217" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Rules in security group sg-AB</caption><thead align="left"><tr id="vpc_Concepts_0005__en-us_topic_0118534002_row422689223"><th align="left" class="cellrowborder" valign="top" width="11.988837608672318%" id="mcps1.3.3.2.2.6.1.1"><p id="vpc_Concepts_0005__en-us_topic_0118534002_p922614911216"><strong id="vpc_Concepts_0005__b2060211579811">Direction</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="8.071267575399807%" id="mcps1.3.3.2.2.6.1.2"><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1357892184215"><strong id="vpc_Concepts_0005__b6840161093">Type</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10.69013630997102%" id="mcps1.3.3.2.2.6.1.3"><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1922614915219"><strong id="vpc_Concepts_0005__b63131254586">Protocol &amp; Port</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22.43211334120425%" id="mcps1.3.3.2.2.6.1.4"><p id="vpc_Concepts_0005__en-us_topic_0118534002_p163841416204"><strong id="vpc_Concepts_0005__b3695981208347">Source/Destination</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="46.817645164752605%" id="mcps1.3.3.2.2.6.1.5"><p id="vpc_Concepts_0005__en-us_topic_0118534002_p122261896217"><strong id="vpc_Concepts_0005__b1162713521817">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="vpc_Concepts_0005__en-us_topic_0118534002_row17226899214"><td class="cellrowborder" valign="top" width="11.988837608672318%" headers="mcps1.3.3.2.2.6.1.1 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p622669629">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.071267575399807%" headers="mcps1.3.3.2.2.6.1.2 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p165787211427">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="10.69013630997102%" headers="mcps1.3.3.2.2.6.1.3 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p122261091026">All</p>
</td>
<td class="cellrowborder" valign="top" width="22.43211334120425%" headers="mcps1.3.3.2.2.6.1.4 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p4226490213">Source: sg-AB</p>
</td>
<td class="cellrowborder" valign="top" width="46.817645164752605%" headers="mcps1.3.3.2.2.6.1.5 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p19909114193814">Allows ECSs in the security group to communicate with each other.</p>
</td>
</tr>
<tr id="vpc_Concepts_0005__en-us_topic_0118534002_row152581149173415"><td class="cellrowborder" valign="top" width="11.988837608672318%" headers="mcps1.3.3.2.2.6.1.1 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p17258114916344">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.071267575399807%" headers="mcps1.3.3.2.2.6.1.2 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1470031010421">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="10.69013630997102%" headers="mcps1.3.3.2.2.6.1.3 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p10258549193411">TCP: 22</p>
</td>
<td class="cellrowborder" valign="top" width="22.43211334120425%" headers="mcps1.3.3.2.2.6.1.4 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p112580497345">Source: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="46.817645164752605%" headers="mcps1.3.3.2.2.6.1.5 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p20258849153419">Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs.</p>
</td>
</tr>
<tr id="vpc_Concepts_0005__en-us_topic_0118534002_row1815528134114"><td class="cellrowborder" valign="top" width="11.988837608672318%" headers="mcps1.3.3.2.2.6.1.1 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1356063394116">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.071267575399807%" headers="mcps1.3.3.2.2.6.1.2 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p161401111104213">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="10.69013630997102%" headers="mcps1.3.3.2.2.6.1.3 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p2129124012146">TCP: 3389</p>
</td>
<td class="cellrowborder" valign="top" width="22.43211334120425%" headers="mcps1.3.3.2.2.6.1.4 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1312918404145">Source: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="46.817645164752605%" headers="mcps1.3.3.2.2.6.1.5 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p712914018142">Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs.</p>
</td>
</tr>
<tr id="vpc_Concepts_0005__en-us_topic_0118534002_row1237831174516"><td class="cellrowborder" valign="top" width="11.988837608672318%" headers="mcps1.3.3.2.2.6.1.1 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p216463644512">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.071267575399807%" headers="mcps1.3.3.2.2.6.1.2 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p9164736114517">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="10.69013630997102%" headers="mcps1.3.3.2.2.6.1.3 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p716443619457">TCP: 80</p>
</td>
<td class="cellrowborder" valign="top" width="22.43211334120425%" headers="mcps1.3.3.2.2.6.1.4 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p81641836104513">Source: 10.5.6.30/32</p>
</td>
<td class="cellrowborder" valign="top" width="46.817645164752605%" headers="mcps1.3.3.2.2.6.1.5 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p161646361459">Allows IP address 10.5.6.30 to access ECSs in the security group over port 80.</p>
</td>
</tr>
<tr id="vpc_Concepts_0005__en-us_topic_0118534002_row122457011313"><td class="cellrowborder" valign="top" width="11.988837608672318%" headers="mcps1.3.3.2.2.6.1.1 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p118533351542">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.071267575399807%" headers="mcps1.3.3.2.2.6.1.2 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p188537357543">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="10.69013630997102%" headers="mcps1.3.3.2.2.6.1.3 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p198531735105411">All</p>
</td>
<td class="cellrowborder" valign="top" width="22.43211334120425%" headers="mcps1.3.3.2.2.6.1.4 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1085363515419">Destination: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="46.817645164752605%" headers="mcps1.3.3.2.2.6.1.5 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p14853173545416">Allows access from ECSs in the security group to any IPv4 address over any port.</p>
</td>
</tr>
<tr id="vpc_Concepts_0005__en-us_topic_0118534002_row1974265394319"><td class="cellrowborder" valign="top" width="11.988837608672318%" headers="mcps1.3.3.2.2.6.1.1 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1474295314319">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.071267575399807%" headers="mcps1.3.3.2.2.6.1.2 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p1695884144417">IPv6</p>
</td>
<td class="cellrowborder" valign="top" width="10.69013630997102%" headers="mcps1.3.3.2.2.6.1.3 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p095819464411">All</p>
</td>
<td class="cellrowborder" valign="top" width="22.43211334120425%" headers="mcps1.3.3.2.2.6.1.4 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p119581445442">Destination: ::/0</p>
</td>
<td class="cellrowborder" valign="top" width="46.817645164752605%" headers="mcps1.3.3.2.2.6.1.5 "><p id="vpc_Concepts_0005__en-us_topic_0118534002_p18531435145411">Allows access from ECSs in the security group to any IPv6 address over any port.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="vpc_Concepts_0001.html">Basic Concepts</a></div>
</div>
</div>
View Git Blame Copy Permalink