Create a security group

Last Updated: May 14, 2018

Each ECS instance must join at least one security group. For more information, see Security groups.

If you do not have a security group when you create an ECS instance, you can use the default one provided by the system. For more information, see Default security group rules.

Alternatively, you can create a security group to meet your business needs and add your instances to it.

Prerequisites

To create a VPC-Connected security group, you must first create a VPC. For more information, see Create a VPC.

Note: You can create a VPC-Connected security group across VSwitches, but not across VPCs.

Procedure

  1. Log on to the ECS console.

  2. In the left-side navigation pane, select Networks & Security > Security Groups.

  3. Select a region.

  4. Click Create Security Group.

  5. In the Create Security Group dialog box, complete the following configurations:

    • Template: If the instances in the security group are for Web server deployment, select a suitable template to simplify security group rule configuration.

      Scenario | Template | Description
      ---------|----------|------------
      To deploy a Web server on the Linux instances in the security group | Web Server Linux | By default, inbound traffic to TCP ports 80, 443, and 22 and inbound ICMP traffic are allowed.
      To deploy a Web server on the Windows instances in the security group | Web Server Windows | By default, inbound traffic to TCP ports 80, 443, and 3389 and inbound ICMP traffic are allowed.
      Not for Web server | Customize | After the security group is created, add a security group rule to meet your business needs.

    • Security Group Name: Specify a valid security group name.

    • Description: Give a brief description of the security group for future management.

    • Network Type:

      • To create a VPC-Connected security group, select VPC and then a specific VPC.
      • To create a classic network-connected security group, select Classic.
  6. Click OK.

For a new security group without any rules, the following default rules apply to the communication of all the instances in the group over the Internet or intranet:

  • Outbound: Allow all for outbound traffic.
  • Inbound: Drop all for inbound traffic.
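
The templates above open a remote administration port (TCP 22 or TCP 3389) alongside the web ports, so it is worth reviewing a group's inbound rules after creation. The following is an added example, not part of the original documentation: it checks a rule list against the template table and flags administration ports reachable from any source. The rule fields are modelled on the Permission entries of DescribeSecurityGroupAttribute, and the exact layout, the source CIDRs, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Inbound (protocol, port) pairs each template opens, from the template table above.
# Port -1 stands for "no port" (ICMP), matching the '-1/-1' range form.
TEMPLATES = {
    "Web Server Linux": {("TCP", 80), ("TCP", 443), ("TCP", 22), ("ICMP", -1)},
    "Web Server Windows": {("TCP", 80), ("TCP", 443), ("TCP", 3389), ("ICMP", -1)},
    "Customize": set(),  # no rules yet: inbound traffic is dropped by default
}
ADMIN_PORTS = (22, 3389)  # SSH and RDP


def review_inbound(rules, template):
    """Return (port_range, reason) findings for inbound accept rules."""
    findings = []
    for rule in rules:
        if rule["Direction"] != "ingress" or rule["Policy"].lower() != "accept":
            continue  # outbound and drop rules do not widen inbound exposure
        proto = rule["IpProtocol"].upper()
        low, high = (int(p) for p in rule["PortRange"].split("/"))
        if low != high or (proto, low) not in TEMPLATES[template]:
            findings.append((rule["PortRange"], "not part of template"))
        cidr = rule.get("SourceCidrIp") or ""  # empty when the source is a group
        any_source = bool(cidr) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0
        covers_admin = proto == "ALL" or (
            proto == "TCP" and any(low <= p <= high for p in ADMIN_PORTS))
        if any_source and covers_admin:
            findings.append((rule["PortRange"], "admin port open to any source"))
    return findings


def _rule(proto, ports, cidr):
    """Build one constructed inbound accept rule (hypothetical helper)."""
    return {"Direction": "ingress", "Policy": "Accept", "IpProtocol": proto,
            "PortRange": ports, "SourceCidrIp": cidr}


# Constructed sample: a Web Server Linux group plus one rule added later.
SAMPLE_RULES = [
    _rule("TCP", "80/80", "0.0.0.0/0"), _rule("TCP", "443/443", "0.0.0.0/0"),
    _rule("TCP", "22/22", "0.0.0.0/0"), _rule("ICMP", "-1/-1", "0.0.0.0/0"),
    _rule("TCP", "3306/3306", "10.0.0.0/8"),
]

if __name__ == "__main__":
    for port_range, reason in review_inbound(SAMPLE_RULES, "Web Server Linux"):
        print(port_range, reason)
```

A finding on 22/22 or 3389/3389 is addressed by replacing the rule's source with the address range that administrators actually connect from.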

Follow-up operations

After you create a security group, add a security group rule.

To meet your business needs, add an ECS instance to a security group.

CreateSecurityGroup
