doc-exports/docs/ecs/umn/en-us_topic_0140323152.html
wanghuijuan738 e21aa18fe1 ECS UMN 20260304 version. Updated the x1 and x1e specifications.
Reviewed-by: Pristromskaia, Margarita <margarita.pristromskaia@t-systems.com>
Co-authored-by: wanghuijuan738 <wanghuijuan738@huawei.com>
Co-committed-by: wanghuijuan738 <wanghuijuan738@huawei.com>
2026-03-27 13:57:13 +00:00


<a name="EN-US_TOPIC_0140323152"></a><a name="EN-US_TOPIC_0140323152"></a>
<h1 class="topictitle1">Security Group Configuration Examples</h1>
<div id="body8662426"><div class="p" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p8694101195115">When you create instances, such as cloud servers, containers, and databases, in a VPC subnet, you can <a href="en-us_topic_0140323154.html">use the default security group</a> or create a security group. You can <a href="en-us_topic_0030878383.html">add inbound and outbound rules</a> to the default security group or to a security group you created to control traffic from and to the instances in the security group. Here are some common security group configuration examples:<ul id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_ul156908257521"><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li55121714105613"><a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_section14933617154810">Remotely Logging In to an ECS from a Local Server</a></li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li8117192125613"><a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_section8685162114185">Remotely Connecting to an ECS from a Local Server to Upload or Download Files over FTP</a></li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li62089274566"><a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_section316061115481">Setting Up a Website on an ECS to Provide Internet-Accessible Services</a></li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li15530173313566"><a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_section29561427142511">Using the ping Command to Verify Network Connectivity</a></li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li16270638195612"><a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_section094514632817">Enabling Communications Between Instances in Different Security Groups</a></li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li1312174711565"><a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_section7465183583515">Allowing External Instances to Access the Database Deployed on an ECS</a></li><li
id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li1469012516523"><a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_section949023514612">Allowing ECSs to Access Only Specific External Websites</a></li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section135611617195110"><h4 class="sectiontitle">Notes</h4><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1864433612111">Note the following before configuring security group rules:</p>
<ul id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_ul1106112333215"><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li17815830194520">Instances associated with different security groups are isolated from each other by default.</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li12531812134919">Generally, a security group denies all external requests by default, while allowing instances in it to communicate with each other.<p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p105221613134917"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li12531812134919"></a><a name="en-us_topic_0118534011_li12531812134919"></a>If required, you can add inbound rules to allow specific traffic to access the instances in the security group.</p>
</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li695415460505"><strong id="EN-US_TOPIC_0140323152__b480581018193">By default, outbound security group rules allow all requests from the instances in the security group to access external resources.</strong><div class="p" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p122781748195013">If outbound rules are deleted, the instances in the security group cannot communicate with external resources. To allow outbound traffic, you need to add outbound rules by referring to <a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_table102261597217">Table 1</a>.
<div class="tablenoborder"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table102261597217"></a><a name="en-us_topic_0118534011_table102261597217"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table102261597217" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Default outbound rules in a security group</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row422689223"><th align="left" class="cellrowborder" valign="top" width="11.989322191272052%" id="mcps1.3.2.3.3.2.2.2.6.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p922614911216">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="8.066388115134632%" id="mcps1.3.2.3.3.2.2.2.6.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1357892184215">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10.701021355617456%" id="mcps1.3.2.3.3.2.2.2.6.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1922614915219">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20.055710306406684%" id="mcps1.3.2.3.3.2.2.2.6.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p163841416204">Destination</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="49.187558031569175%" id="mcps1.3.2.3.3.2.2.2.6.1.5"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p122261896217">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1622669025"><td class="cellrowborder" valign="top" width="11.989322191272052%" headers="mcps1.3.2.3.3.2.2.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p172261916219">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.066388115134632%" headers="mcps1.3.2.3.3.2.2.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p115787220425">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="10.701021355617456%" headers="mcps1.3.2.3.3.2.2.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p622669227">All</p>
</td>
<td class="cellrowborder" valign="top" width="20.055710306406684%" headers="mcps1.3.2.3.3.2.2.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p142261691923">0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="49.187558031569175%" headers="mcps1.3.2.3.3.2.2.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p92261391327">Allows the instances in the security group to access any IPv4 address over any port.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1974265394319"><td class="cellrowborder" valign="top" width="11.989322191272052%" headers="mcps1.3.2.3.3.2.2.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1474295314319">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.066388115134632%" headers="mcps1.3.2.3.3.2.2.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1695884144417">IPv6</p>
</td>
<td class="cellrowborder" valign="top" width="10.701021355617456%" headers="mcps1.3.2.3.3.2.2.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p095819464411">All</p>
</td>
<td class="cellrowborder" valign="top" width="20.055710306406684%" headers="mcps1.3.2.3.3.2.2.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p119581445442">::/0</p>
</td>
<td class="cellrowborder" valign="top" width="49.187558031569175%" headers="mcps1.3.2.3.3.2.2.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p19958154184411">Allows the instances in the security group to access any IPv6 address over any port.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section14933617154810"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section14933617154810"></a><a name="en-us_topic_0118534011_section14933617154810"></a><h4 class="sectiontitle">Remotely Logging In to an ECS from a Local Server</h4><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p127427311418">A security group denies all external requests by default. To remotely log in to an ECS in a security group from a local server, add an inbound rule based on the OS running on the ECS.</p>
<ul id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_ul1854702684911"><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li191185363113">To remotely log in to a Linux ECS using SSH, enable port 22. For details, see <a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_table20321112045011">Table 2</a>.</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li10118536610">To remotely log in to a Windows ECS using RDP, enable port 3389. For details, see <a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_table1579314381815">Table 3</a>.
<div class="tablenoborder"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table20321112045011"></a><a name="en-us_topic_0118534011_table20321112045011"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table20321112045011" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Remotely logging in to a Linux ECS using SSH</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row10321820125012"><th align="left" class="cellrowborder" valign="top" width="20.535254760679365%" id="mcps1.3.3.3.2.2.2.5.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p2032142055011">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.46937725167267%" id="mcps1.3.3.3.2.2.2.5.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p4322520135016">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.937725167267118%" id="mcps1.3.3.3.2.2.2.5.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p18322202010507">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.057642820380856%" id="mcps1.3.3.3.2.2.2.5.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p19322112095012">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row17226899214"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.3.3.2.2.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p622669629">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.3.3.2.2.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p165787211427"><strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b176751021151814">IPv4</strong></p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.3.3.2.2.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p122261091026">TCP: 22</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.3.3.2.2.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p95914491420">IP address: 0.0.0.0/0</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table1579314381815"></a><a name="en-us_topic_0118534011_table1579314381815"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table1579314381815" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Remotely logging in to a Windows ECS using RDP</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row8793143813116"><th align="left" class="cellrowborder" valign="top" width="20.535254760679365%" id="mcps1.3.3.3.2.3.2.5.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p177932381814">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.46937725167267%" id="mcps1.3.3.3.2.3.2.5.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p13793183819120">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.937725167267118%" id="mcps1.3.3.3.2.3.2.5.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1779314386110">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.057642820380856%" id="mcps1.3.3.3.2.3.2.5.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p117930381118">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1879311381216"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.3.3.2.3.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1379317381011">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.3.3.2.3.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p117931238912">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.3.3.2.3.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p207938381114">TCP: 3389</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.3.3.2.3.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p67937381617">IP address: 0.0.0.0/0</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="caution" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_note1081092319918"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p896617165512">If the source is set to 0.0.0.0/0, all external IP addresses are allowed to remotely log in to the ECS. To ensure network security and prevent service interruptions caused by network intrusions, set the source to a known IP address (for example, the EIP bound to an ECS). For details, see <a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_table1919016251434">Table 4</a>.</p>
</div></div>
<div class="tablenoborder"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table1919016251434"></a><a name="en-us_topic_0118534011_table1919016251434"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table1919016251434" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Remotely logging in to an ECS using a known IP address</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row81907251038"><th align="left" class="cellrowborder" valign="top" width="17.165546731826513%" id="mcps1.3.3.3.2.5.2.6.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p4115811418">ECS Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="13.048259010384852%" id="mcps1.3.3.3.2.5.2.6.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1119013256311">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="14.465485644471595%" id="mcps1.3.3.3.2.5.2.6.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p81903251838">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.853390348197923%" id="mcps1.3.3.3.2.5.2.6.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1190325738">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="35.46731826511912%" id="mcps1.3.3.3.2.5.2.6.1.5"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1190925635">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row18456166420"><td class="cellrowborder" valign="top" width="17.165546731826513%" headers="mcps1.3.3.3.2.5.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p64567610416">Linux ECS</p>
</td>
<td class="cellrowborder" valign="top" width="13.048259010384852%" headers="mcps1.3.3.3.2.5.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p136531431943">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="14.465485644471595%" headers="mcps1.3.3.3.2.5.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1556316291420">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="19.853390348197923%" headers="mcps1.3.3.3.2.5.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p55631829648">TCP: 22</p>
</td>
<td class="cellrowborder" valign="top" width="35.46731826511912%" headers="mcps1.3.3.3.2.5.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p05638293414">IP address: 12.<em id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_i375014072912">XX</em>.0.6/32</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1319114252319"><td class="cellrowborder" valign="top" width="17.165546731826513%" headers="mcps1.3.3.3.2.5.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p14115131549">Windows ECS</p>
</td>
<td class="cellrowborder" valign="top" width="13.048259010384852%" headers="mcps1.3.3.3.2.5.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p6191125134">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="14.465485644471595%" headers="mcps1.3.3.3.2.5.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p219112517317">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="19.853390348197923%" headers="mcps1.3.3.3.2.5.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p9191525137">TCP: 3389</p>
</td>
<td class="cellrowborder" valign="top" width="35.46731826511912%" headers="mcps1.3.3.3.2.5.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p2019113252319">IP address: 12.<em id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_i17826143511298">XX</em>.0.7/32</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section8685162114185"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section8685162114185"></a><a name="en-us_topic_0118534011_section8685162114185"></a><h4 class="sectiontitle">Remotely Connecting to an ECS from a Local Server to Upload or Download Files over FTP</h4><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p513213514193">By default, a security group denies all external requests. If you need to remotely connect to an ECS from a local server to upload or download files over FTP, you need to enable FTP ports 20 and 21.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table1222942282320" frame="border" border="1" rules="all"><caption><b>Table 5 </b>Remotely connecting to an ECS from any server to upload or download files over FTP</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1223032211233"><th align="left" class="cellrowborder" valign="top" width="20.535254760679365%" id="mcps1.3.4.3.2.5.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p142302228231">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.46937725167267%" id="mcps1.3.4.3.2.5.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p123010229239">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.937725167267118%" id="mcps1.3.4.3.2.5.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p17230162292318">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.057642820380856%" id="mcps1.3.4.3.2.5.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p10230422192318">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1023042212239"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.4.3.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p12301322132317">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.4.3.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1230622182312">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.4.3.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1723016224232">TCP: 20-21</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.4.3.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p4230172222311">IP address: 0.0.0.0/0</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="caution" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_note14564165191016"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><ul id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_ul2214105712613"><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li122157579616">If the source is set to 0.0.0.0/0, all external IP addresses are allowed to remotely log in to the ECS to upload or download files. To ensure network security and prevent service interruptions caused by network intrusions, set the source to a known IP address. For details, see <a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_table127653483419">Table 6</a>.</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li22151257268">You must first install the FTP server program on the ECSs and then check whether ports 20 and 21 are working properly. </li></ul>
</div></div>
<div class="tablenoborder"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table127653483419"></a><a name="en-us_topic_0118534011_table127653483419"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table127653483419" frame="border" border="1" rules="all"><caption><b>Table 6 </b>Remotely connecting to an ECS from a known server to upload or download files</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row77654483415"><th align="left" class="cellrowborder" valign="top" width="20.535254760679365%" id="mcps1.3.4.5.2.5.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p276524820413">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.46937725167267%" id="mcps1.3.4.5.2.5.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p117651348346">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.937725167267118%" id="mcps1.3.4.5.2.5.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p47651348246">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.057642820380856%" id="mcps1.3.4.5.2.5.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1476584815419">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row876511484419"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.4.5.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p18765164810415">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.4.5.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p7765144810420">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.4.5.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p9765104816418">TCP: 20-21</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.4.5.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p9766154814413">IP address: 192.168.0.0/24</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section316061115481"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section316061115481"></a><a name="en-us_topic_0118534011_section316061115481"></a><h4 class="sectiontitle">Setting Up a Website on an ECS to Provide Internet-Accessible Services</h4><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p85012091073">A security group denies all external requests by default. If you set up a website on an ECS to allow access from the Internet, you need to add an inbound rule to the ECS security group to allow access over specific ports, such as HTTP (80) and HTTPS (443).</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table347342171117" frame="border" border="1" rules="all"><caption><b>Table 7 </b>Setting up a website on an ECS to provide internet-accessible services</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row7473926113"><th align="left" class="cellrowborder" valign="top" width="20.535254760679365%" id="mcps1.3.5.3.2.5.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p647392131113">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.46937725167267%" id="mcps1.3.5.3.2.5.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p124731526116">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.937725167267118%" id="mcps1.3.5.3.2.5.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p04737281110">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.057642820380856%" id="mcps1.3.5.3.2.5.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p84738291110">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row20473926119"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.5.3.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1147313291113">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.5.3.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1747314241112">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.5.3.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p54733211115">TCP: 80</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.5.3.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p154736218119">IP address: 0.0.0.0/0</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row3774320101119"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.5.3.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1035952614118">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.5.3.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1935922691112">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.5.3.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1335911262114">TCP: 443</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.5.3.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p13359162618116">IP address: 0.0.0.0/0</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
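<p>The cautions in the remote login and FTP sections above both recommend replacing a 0.0.0.0/0 source with a known address. The following is an added example, not part of the original documentation or of any vendor tooling: a rule auditor that flags inbound rules exposing ports 20-21, 22 or 3389 to every address, and a matcher that shows which clients a rule set admits. The <code>Rule</code> class, function names and sample rule sets are hypothetical, and 203.0.113.10/32 stands in for the masked address in Table 4.</p>

```python
import ipaddress
from dataclasses import dataclass

# Ports the page opens for remote login and file transfer (Tables 2, 3 and 5).
ADMIN_PORTS = {20: "FTP data", 21: "FTP control", 22: "SSH", 3389: "RDP"}


@dataclass(frozen=True)
class Rule:
    """One rule row, using the page's table columns. The class itself is hypothetical."""
    direction: str   # "Inbound" or "Outbound"
    ip_type: str     # "IPv4" or "IPv6"
    proto_port: str  # e.g. "TCP: 22", "TCP: 20-21", "ICMP: All", "All"
    source: str      # Source column (Destination for outbound rows)


def parse_proto_port(text):
    """Return (protocol, low_port, high_port); ports are None for ICMP."""
    proto, _, ports = text.partition(":")
    proto, ports = proto.strip().upper(), ports.strip().lower()
    if proto == "ALL":
        return "ALL", 1, 65535
    if proto == "ICMP":
        return "ICMP", None, None
    if ports in ("", "all"):
        return proto, 1, 65535
    low, _, high = ports.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return proto, low, high


def parse_source(text):
    """Return an ip_network for 'IP address: <cidr>', or None for a security-group source."""
    kind, _, value = text.partition(":")
    if kind.strip().lower() != "ip address":
        return None
    return ipaddress.ip_network(value.strip(), strict=False)


def audit(rules):
    """Return (rule, [service names]) for inbound rules that open admin ports to every address."""
    findings = []
    for rule in rules:
        if rule.direction.lower() != "inbound":
            continue
        net = parse_source(rule.source)
        if net is None or net.prefixlen != 0:
            continue  # security-group source, or already narrowed to a CIDR block
        proto, low, high = parse_proto_port(rule.proto_port)
        if proto not in ("TCP", "ALL"):
            continue
        exposed = [name for p, name in sorted(ADMIN_PORTS.items()) if low <= p <= high]
        if exposed:
            findings.append((rule, exposed))
    return findings


def permits(rules, client_ip, port):
    """True if some inbound TCP rule admits client_ip on port (inbound is default-deny)."""
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        if rule.direction.lower() != "inbound":
            continue
        proto, low, high = parse_proto_port(rule.proto_port)
        net = parse_source(rule.source)
        if proto not in ("TCP", "ALL") or net is None:
            continue  # ICMP rules and security-group sources are not matched by address here
        if net.version == addr.version and addr in net and low <= port <= high:
            return True
    return False


# Constructed rule sets. OPEN mirrors Tables 1, 2, 3, 5 and 7; NARROWED follows Tables 4 and 6,
# with 203.0.113.10/32 (documentation range) standing in for the page's masked 12.XX.0.6/32.
OPEN = [
    Rule("Inbound", "IPv4", "TCP: 22", "IP address: 0.0.0.0/0"),
    Rule("Inbound", "IPv4", "TCP: 3389", "IP address: 0.0.0.0/0"),
    Rule("Inbound", "IPv4", "TCP: 20-21", "IP address: 0.0.0.0/0"),
    Rule("Inbound", "IPv4", "TCP: 80", "IP address: 0.0.0.0/0"),
    Rule("Inbound", "IPv4", "TCP: 443", "IP address: 0.0.0.0/0"),
    Rule("Outbound", "IPv4", "All", "IP address: 0.0.0.0/0"),
]
NARROWED = [
    Rule("Inbound", "IPv4", "TCP: 22", "IP address: 203.0.113.10/32"),
    Rule("Inbound", "IPv4", "TCP: 20-21", "IP address: 192.168.0.0/24"),
    Rule("Inbound", "IPv4", "TCP: 80", "IP address: 0.0.0.0/0"),
    Rule("Inbound", "IPv4", "TCP: 443", "IP address: 0.0.0.0/0"),
]

if __name__ == "__main__":
    for rule, services in audit(OPEN):
        print(f"open to all addresses: {rule.proto_port} ({', '.join(services)})")
    # 198.51.100.77 is a constructed "unknown client" address.
    print("unknown client reaches SSH (open):", permits(OPEN, "198.51.100.77", 22))
    print("unknown client reaches SSH (narrowed):", permits(NARROWED, "198.51.100.77", 22))
```

<p>The web rules for ports 80 and 443 are not flagged, because the page intends them to be reachable from the Internet; only the login and file-transfer ports are reported.</p>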
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section29561427142511"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section29561427142511"></a><a name="en-us_topic_0118534011_section29561427142511"></a><h4 class="sectiontitle">Using the <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b17401105101610">ping</strong> Command to Verify Network Connectivity</h4><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p10645205462511">Ping works by sending an Internet Control Message Protocol (ICMP) Echo Request. To ping an ECS from your PC to verify the network connectivity, you need to add an inbound rule to the security group of the ECS to allow ICMP traffic.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table17221654182617" frame="border" border="1" rules="all"><caption><b>Table 8 </b>Using the <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b5219185313217">ping</strong> command to verify network connectivity</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row722154162612"><th align="left" class="cellrowborder" valign="top" width="20.535254760679365%" id="mcps1.3.6.3.2.5.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p122285411263">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.46937725167267%" id="mcps1.3.6.3.2.5.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p423105411261">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.937725167267118%" id="mcps1.3.6.3.2.5.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p32310544266">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.057642820380856%" id="mcps1.3.6.3.2.5.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1523145432619">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row12231154182619"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.6.3.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p123125472613">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.6.3.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p02375422619">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.6.3.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p840921410279">ICMP: All</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.6.3.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p82345422611">IP address: 0.0.0.0/0</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1517227132217"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.6.3.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p124151611172216">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.6.3.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p17415311142218">IPv6</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.6.3.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1415131116229">ICMP: All</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.6.3.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p6415121119225">IP address: ::/0</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section094514632817"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section094514632817"></a><a name="en-us_topic_0118534011_section094514632817"></a><h4 class="sectiontitle">Enabling Communications Between Instances in Different Security Groups</h4><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p7304829112814">By default, instances in the same VPC but in different security groups cannot communicate with each other. If you want ECSs in security group <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b12627125552610">sg-A</strong> to access MySQL databases in security group <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b1653719599265">sg-B</strong>, you need to add an inbound rule to security group <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b161129132713">sg-B</strong> to allow access from ECSs in security group <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b1071771292711">sg-A</strong>.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table274125420311" frame="border" border="1" rules="all"><caption><b>Table 9 </b>Enabling communications between instances in different security groups</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row13741154103116"><th align="left" class="cellrowborder" valign="top" width="20.535254760679365%" id="mcps1.3.7.3.2.5.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p07517548312">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.46937725167267%" id="mcps1.3.7.3.2.5.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p17545419312">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="21.937725167267118%" id="mcps1.3.7.3.2.5.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1775125453119">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="41.057642820380856%" id="mcps1.3.7.3.2.5.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1975145416311">Source</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row15751154173117"><td class="cellrowborder" valign="top" width="20.535254760679365%" headers="mcps1.3.7.3.2.5.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p07535443115">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="16.46937725167267%" headers="mcps1.3.7.3.2.5.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p17751454203117">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="21.937725167267118%" headers="mcps1.3.7.3.2.5.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p275654173111">TCP: 3306</p>
</td>
<td class="cellrowborder" valign="top" width="41.057642820380856%" headers="mcps1.3.7.3.2.5.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1675354183118">Security group: sg-A</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section7465183583515"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section7465183583515"></a><a name="en-us_topic_0118534011_section7465183583515"></a><h4 class="sectiontitle">Allowing External Instances to Access the Database Deployed on an ECS</h4><div class="p" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p19466352968">By default, security groups deny all inbound requests. If you have deployed a database on a cloud server and want the database to be accessible to external instances over a private network, you need to add inbound rules to the security group of the cloud server to allow access over the corresponding ports. Here are some common ports for databases:<ul id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_ul16201668714"><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li16202061717">MySQL: port 3306</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li16201611710">Oracle: port 1521</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li136201267718">MS SQL: port 1433</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li2620961776">PostgreSQL: port 5432</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li76201861270">Redis: port 6379</li></ul>
</div>
<p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p73169415124">In this example, the source is for reference only. Set the source based on actual requirements.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table323097153918" frame="border" border="1" rules="all"><caption><b>Table 10 </b>Allowing external instances to access the database deployed on an ECS</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row18231372398"><th align="left" class="cellrowborder" valign="top" width="15.707058540110813%" id="mcps1.3.8.4.2.6.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p823107163915">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.960973259455553%" id="mcps1.3.8.4.2.6.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p123119713395">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.742712599373643%" id="mcps1.3.8.4.2.6.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p623137143911">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.83883401589978%" id="mcps1.3.8.4.2.6.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p62311875393">Source</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="35.750421585160204%" id="mcps1.3.8.4.2.6.1.5"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1930614220409">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row1723119713397"><td class="cellrowborder" valign="top" width="15.707058540110813%" headers="mcps1.3.8.4.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p823110717392">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="11.960973259455553%" headers="mcps1.3.8.4.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p9231875395">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="17.742712599373643%" headers="mcps1.3.8.4.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p142311075393">TCP: 3306</p>
</td>
<td class="cellrowborder" valign="top" width="18.83883401589978%" headers="mcps1.3.8.4.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p152310733912">Security group: sg-A</p>
</td>
<td class="cellrowborder" valign="top" width="35.750421585160204%" headers="mcps1.3.8.4.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p8306114274012">Allows the ECSs in security group <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b53351154102710">sg-A</strong> to access the MySQL database.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row23154673913"><td class="cellrowborder" valign="top" width="15.707058540110813%" headers="mcps1.3.8.4.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p3990161154018">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="11.960973259455553%" headers="mcps1.3.8.4.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p69914114408">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="17.742712599373643%" headers="mcps1.3.8.4.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p999141124012">TCP: 1521</p>
</td>
<td class="cellrowborder" valign="top" width="18.83883401589978%" headers="mcps1.3.8.4.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p12991311402">Security group: sg-B</p>
</td>
<td class="cellrowborder" valign="top" width="35.750421585160204%" headers="mcps1.3.8.4.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p730634210407">Allows the ECSs in security group <strong id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_b10745432283">sg-B</strong> to access the Oracle database.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row443675013391"><td class="cellrowborder" valign="top" width="15.707058540110813%" headers="mcps1.3.8.4.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p116517364011">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="11.960973259455553%" headers="mcps1.3.8.4.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p46527316409">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="17.742712599373643%" headers="mcps1.3.8.4.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p12652938407">TCP: 1433</p>
</td>
<td class="cellrowborder" valign="top" width="18.83883401589978%" headers="mcps1.3.8.4.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p20652733406">IP address: 172.16.3.21/32</p>
</td>
<td class="cellrowborder" valign="top" width="35.750421585160204%" headers="mcps1.3.8.4.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p13206143964211">Allows the ECS whose private IP address is 172.16.3.21 to access the MS SQL database.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row20436105083917"><td class="cellrowborder" valign="top" width="15.707058540110813%" headers="mcps1.3.8.4.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1432111518402">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="11.960973259455553%" headers="mcps1.3.8.4.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1432116518409">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="17.742712599373643%" headers="mcps1.3.8.4.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p3321957406">TCP: 5432</p>
</td>
<td class="cellrowborder" valign="top" width="18.83883401589978%" headers="mcps1.3.8.4.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p332165144018">IP address: 192.168.0.0/24</p>
</td>
<td class="cellrowborder" valign="top" width="35.750421585160204%" headers="mcps1.3.8.4.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p4306104214015">Allows ECSs whose private IP addresses are in the 192.168.0.0/24 network to access the PostgreSQL database.</p>
</td>
</tr>
</tbody>
</table>
</div>
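<p>The inbound rules in Table 9 and Table 10 can be checked offline before they are applied. The following Python evaluator is an added example, not part of the original documentation or of any cloud SDK; the rule dictionaries, function names, and peer addresses other than those listed in Table 10 are constructed for illustration.</p>

```python
import ipaddress

# Inbound rules from Table 10, written as constructed data (not an API export).
# A "group" source matches by security group membership of the peer;
# a "cidr" source matches by the peer's private IP address.
TABLE_10_RULES = [
    {"port": 3306, "source": ("group", "sg-A")},
    {"port": 1521, "source": ("group", "sg-B")},
    {"port": 1433, "source": ("cidr", "172.16.3.21/32")},
    {"port": 5432, "source": ("cidr", "192.168.0.0/24")},
]

# Common database ports listed in this section.
DB_PORTS = (3306, 1521, 1433, 5432, 6379)


def inbound_allowed(rules, peer_ip, peer_groups, port):
    """Return True if any allow rule matches; no match means deny (the default)."""
    addr = ipaddress.ip_address(peer_ip)
    for rule in rules:
        if rule["port"] != port:
            continue
        kind, value = rule["source"]
        if kind == "group" and value in peer_groups:
            return True
        if kind == "cidr" and addr in ipaddress.ip_network(value):
            return True
    return False


def reachable_ports(rules, peer_ip, peer_groups, ports=DB_PORTS):
    """List the database ports that a given peer is admitted to."""
    return [p for p in ports if inbound_allowed(rules, peer_ip, peer_groups, p)]


# Constructed peers: (private IP, security groups the instance belongs to).
PEERS = {
    "ecs-in-sg-A": ("10.0.1.5", {"sg-A"}),
    "ecs-172.16.3.21": ("172.16.3.21", {"sg-C"}),
    "ecs-172.16.3.22": ("172.16.3.22", {"sg-C"}),
    "ecs-192.168.0.77": ("192.168.0.77", {"sg-C"}),
}

if __name__ == "__main__":
    for name, (ip, groups) in PEERS.items():
        print(name, reachable_ports(TABLE_10_RULES, ip, groups))
```

<p>Redis port 6379 stays closed to every peer because Table 10 contains no rule for it, which is the default-deny behavior described above.</p>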
</div>
<div class="section" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section949023514612"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_section949023514612"></a><a name="en-us_topic_0118534011_section949023514612"></a><h4 class="sectiontitle">Allowing ECSs to Access Only Specific External Websites</h4><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p426962145415">By default, a security group allows all outbound traffic. <a href="#EN-US_TOPIC_0140323152__en-us_topic_0118534011_table5759161135518">Table 12</a> lists the default outbound rules. If you want to allow ECSs to access only specific websites, configure the security group as follows:</p>
<ol id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_ol17575223145410"><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li3575323195417">Add outbound rules to only allow traffic over specific ports to specific IP addresses.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table8520256115219" frame="border" border="1" rules="all"><caption><b>Table 11 </b>Allowing ECSs to access only specific external websites</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row13520135645210"><th align="left" class="cellrowborder" valign="top" width="10.513852711342647%" id="mcps1.3.9.3.1.1.2.6.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p1552045616524">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="7.84986976083353%" id="mcps1.3.9.3.1.1.2.6.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p052045616528">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="14.113189675586076%" id="mcps1.3.9.3.1.1.2.6.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p125201656195216">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20.388349514563107%" id="mcps1.3.9.3.1.1.2.6.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p2052065645215">Destination</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="47.134738337674634%" id="mcps1.3.9.3.1.1.2.6.1.5"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p162031253111419">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row165201056185215"><td class="cellrowborder" valign="top" width="10.513852711342647%" headers="mcps1.3.9.3.1.1.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p852085617521">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="7.84986976083353%" headers="mcps1.3.9.3.1.1.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p125207569527">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="14.113189675586076%" headers="mcps1.3.9.3.1.1.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p14653161613531">TCP: 80</p>
</td>
<td class="cellrowborder" valign="top" width="20.388349514563107%" headers="mcps1.3.9.3.1.1.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p106531216195315">IP address: 132.15.XX.XX</p>
</td>
<td class="cellrowborder" valign="top" width="47.134738337674634%" headers="mcps1.3.9.3.1.1.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p5926176101718">Allows ECSs in the security group to access the external website at http://132.15.XX.XX:80.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_row8644171465314"><td class="cellrowborder" valign="top" width="10.513852711342647%" headers="mcps1.3.9.3.1.1.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p118831263531">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="7.84986976083353%" headers="mcps1.3.9.3.1.1.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p158841826125320">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="14.113189675586076%" headers="mcps1.3.9.3.1.1.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p18653141617537">TCP: 443</p>
</td>
<td class="cellrowborder" valign="top" width="20.388349514563107%" headers="mcps1.3.9.3.1.1.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p166531216135320">IP address: 145.117.XX.XX</p>
</td>
<td class="cellrowborder" valign="top" width="47.134738337674634%" headers="mcps1.3.9.3.1.1.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_p17203253131412">Allows ECSs in the security group to access the external website at https://145.117.XX.XX:443.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_li36001735125411">Delete the default outbound rules that allow all traffic.
<div class="tablenoborder"><a name="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table5759161135518"></a><a name="en-us_topic_0118534011_table5759161135518"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_table5759161135518" frame="border" border="1" rules="all"><caption><b>Table 12 </b>Default outbound rules in a security group</caption><thead align="left"><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_row422689223"><th align="left" class="cellrowborder" valign="top" width="11.989322191272052%" id="mcps1.3.9.3.2.1.2.6.1.1"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p922614911216">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="8.066388115134632%" id="mcps1.3.9.3.2.1.2.6.1.2"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p1357892184215">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10.701021355617456%" id="mcps1.3.9.3.2.1.2.6.1.3"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p1922614915219">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20.055710306406684%" id="mcps1.3.9.3.2.1.2.6.1.4"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p163841416204">Destination</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="49.187558031569175%" id="mcps1.3.9.3.2.1.2.6.1.5"><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p122261896217">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_row1622669025"><td class="cellrowborder" valign="top" width="11.989322191272052%" headers="mcps1.3.9.3.2.1.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p172261916219">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.066388115134632%" headers="mcps1.3.9.3.2.1.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p115787220425">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="10.701021355617456%" headers="mcps1.3.9.3.2.1.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p622669227">All</p>
</td>
<td class="cellrowborder" valign="top" width="20.055710306406684%" headers="mcps1.3.9.3.2.1.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p142261691923">0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="49.187558031569175%" headers="mcps1.3.9.3.2.1.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p92261391327">Allows the instances in the security group to access any IPv4 address over any port.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_row1974265394319"><td class="cellrowborder" valign="top" width="11.989322191272052%" headers="mcps1.3.9.3.2.1.2.6.1.1 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p1474295314319">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="8.066388115134632%" headers="mcps1.3.9.3.2.1.2.6.1.2 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p1695884144417">IPv6</p>
</td>
<td class="cellrowborder" valign="top" width="10.701021355617456%" headers="mcps1.3.9.3.2.1.2.6.1.3 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p095819464411">All</p>
</td>
<td class="cellrowborder" valign="top" width="20.055710306406684%" headers="mcps1.3.9.3.2.1.2.6.1.4 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p119581445442">::/0</p>
</td>
<td class="cellrowborder" valign="top" width="49.187558031569175%" headers="mcps1.3.9.3.2.1.2.6.1.5 "><p id="EN-US_TOPIC_0140323152__en-us_topic_0118534011_en-us_topic_0118534011_p19958154184411">Allows the instances in the security group to access any IPv6 address over any port.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ol>
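<p>Security group rules are allow rules, so the Table 11 entries restrict nothing while the Table 12 defaults are still present. The following Python audit is an added example, not part of the original documentation; the function names are hypothetical, and the two destination addresses are constructed stand-ins for the masked 132.15.XX.XX and 145.117.XX.XX values.</p>

```python
import ipaddress

# Intended egress allowlist, shaped like Table 11. The addresses are constructed
# placeholders from documentation ranges, standing in for the masked values.
ALLOWLIST = [
    {"protocol": "tcp", "port": 80, "dest": "203.0.113.10/32"},
    {"protocol": "tcp", "port": 443, "dest": "198.51.100.20/32"},
]

# Default outbound rules from Table 12.
DEFAULT_EGRESS = [
    {"protocol": "all", "port": None, "dest": "0.0.0.0/0"},
    {"protocol": "all", "port": None, "dest": "::/0"},
]


def within_allowlist(rule, allowlist):
    """True if the rule permits nothing beyond a single allowlist entry."""
    net = ipaddress.ip_network(rule["dest"])
    for entry in allowlist:
        allowed = ipaddress.ip_network(entry["dest"])
        if (rule["protocol"] == entry["protocol"]
                and rule["port"] == entry["port"]
                and net.version == allowed.version  # subnet_of needs same family
                and net.subnet_of(allowed)):
            return True
    return False


def audit_egress(rules, allowlist):
    """Return the outbound rules that let traffic leave beyond the allowlist."""
    return [r for r in rules if not within_allowlist(r, allowlist)]


def missing_entries(rules, allowlist):
    """Return allowlist entries with no matching rule (that site is unreachable)."""
    return [e for e in allowlist if e not in rules]


if __name__ == "__main__":
    after_step_1 = ALLOWLIST + DEFAULT_EGRESS   # rules added, defaults kept
    after_step_2 = list(ALLOWLIST)              # defaults deleted
    print("too broad after step 1:", audit_egress(after_step_1, ALLOWLIST))
    print("too broad after step 2:", audit_egress(after_step_2, ALLOWLIST))
    print("missing after step 2:", missing_entries(after_step_2, ALLOWLIST))
```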
</div>
</div>