A security group is a virtual firewall that is used to control the ECS outbound and inbound traffic. Within the same VPC, ECS instances in the same security group can communicate with each other over the intranet. By default, ECS instances under different VSwitches in a VPC can access each other by using system routes. You can configure the security group rules to isolate the instances from one another. For more information, see Isolate the subnets in a VPC.
When you create a VPC ECS instance, you can add the instance into a default security group provided by the system, or select other existing security groups in the VPC.
For more information about the rules of a default security group, see Default security group rules.
After you have the network plan, you can configure the security groups. For more information about how to add a security group, see Add a security group. For more information about the scenarios of security groups, see Scenarios.