A security group functions as a virtual firewall to control network access of ECS instances. This topic describes how to create a security group in the ECS console.
Prerequisites
A VPC and a vSwitch are created if you want to create a VPC-type security group. For more information, see Create a VPC.
Background information
Each ECS instance must belong to at least one security group. If no security groups have been created when you create an ECS instance, a default security group is created. The default security group has only inbound rules configured for the ICMP protocol, SSH port 22, RDP port 3389, HTTP port 80, and HTTPS port 443. For more information, see Overview. If you do not want the ECS instance to be added to the default security group, you can create a security group as described in this topic.
Procedure
Result

What to do next
- You can configure security group rules to allow or deny access to or from the Internet or internal network for ECS instances in a security group. For more information, see Add security group rules.
- Each ECS instance must belong to at least one security group. You can add an instance to one or more security groups. For more information, see Add an ECS instance to a security group.