You can add rules to a security group to control inbound and outbound traffic for Elastic Compute Service (ECS) instances in the security group.

Background information

Alibaba Cloud provides examples on how to configure security group rules in common scenarios. For more information, see Security groups for different use cases.

This topic is suitable for the following scenarios:
  • An application deployed on your instance sends a request to a network outside the security groups of the instance, but the request stays in the waiting state. In this case, you must add a security group rule to allow the request.
  • Applications running on your instance are attacked from specific request sources. In this case, you can add security group rules to block the malicious requests.
Before you add security group rules, take note of the following items:
  • Basic and advanced security groups contain default rules. For more information, see Basic security groups and advanced security groups.
  • A security group can contain only a limited number of rules. We recommend that you keep the number of rules to the minimum that you need. For more information, see Overview.


  1. Go to the Security Groups page.
    1. Log on to the ECS console.
    2. In the left-side navigation pane, choose Network & Security > Security Groups.
    3. In the top navigation bar, select a region.
  2. Find the security group to which you want to add a rule and click Add Rules in the Actions column.
  3. Select the direction of the security group rule.
    • If the network type of the security group is Virtual Private Cloud (VPC), click the Inbound or Outbound tab.
    • If the network type of the security group is classic network, click the Inbound, Outbound, Internet Ingress, or Internet Egress tab.
  4. Add a security group rule.
    • Method 1: Quickly add a security group rule

      This method is suitable for configuring common TCP rules. Click Quick Add. In the Quick Add dialog box, set Action and Authorization Object and select one or more ports.

    • Method 2: Manually add a security group rule
      To manually add a security group rule, you must set parameters such as Action, Priority, Protocol Type, Port Range, and Authorization Object.
      1. Click Add Rule.
      2. Configure the rule that you want to add to the rule list. For information about how to configure a single security group rule, see Overview.
      3. Click Save in the Actions column.
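
An added example, not part of the original topic and not Alibaba Cloud's own code: a small Python model for checking, before you save a deny rule with Method 2, whether it actually overrides the allow rules already in the group. It assumes the evaluation order documented for ECS security groups (a lower Priority number is matched first, and deny wins at equal priority) and a default of deny for unmatched inbound traffic; `Rule`, `evaluate`, `shadowed_by_allow` and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # Action: "allow" or "deny"
    priority: int    # Priority: 1-100, lower number is matched first (assumed)
    protocol: str    # Protocol Type: "tcp", "udp", "icmp" or "all"
    port_range: str  # Port Range as "start/end"; "-1/-1" means every port
    cidr: str        # Authorization Object as a CIDR block

    def __post_init__(self):
        if self.action not in ("allow", "deny"):
            raise ValueError(f"bad action: {self.action!r}")
        if not 1 <= self.priority <= 100:
            raise ValueError(f"priority out of range: {self.priority}")
        lo, hi = self.ports()
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {self.port_range!r}")
        self.network()  # raises ValueError on a malformed CIDR

    def ports(self):
        lo, hi = (int(p) for p in self.port_range.split("/"))
        return (1, 65535) if (lo, hi) == (-1, -1) else (lo, hi)

    def network(self):
        return ipaddress.ip_network(self.cidr, strict=False)

    def matches(self, protocol, port, peer_ip):
        lo, hi = self.ports()
        return (self.protocol in ("all", protocol) and lo <= port <= hi
                and ipaddress.ip_address(peer_ip) in self.network())

def evaluate(rules, protocol, port, peer_ip, default="deny"):
    """Return the action applied to one connection; `default` is an assumption."""
    hits = [r for r in rules if r.matches(protocol, port, peer_ip)]
    # Lowest priority number wins; on a tie, deny beats allow.
    best = min(hits, key=lambda r: (r.priority, r.action != "deny"), default=None)
    return best.action if best else default

def shadowed_by_allow(rules, deny_rule, protocol, port, peer_ip):
    """True if adding deny_rule would still leave this source allowed."""
    return evaluate(list(rules) + [deny_rule], protocol, port, peer_ip) == "allow"

# Constructed sample: a group that serves HTTPS to everyone, and a source range to block.
EXISTING = [Rule("allow", 10, "tcp", "443/443", "0.0.0.0/0")]
TOO_LATE = Rule("deny", 50, "tcp", "443/443", "198.51.100.0/24")
EFFECTIVE = Rule("deny", 1, "tcp", "443/443", "198.51.100.0/24")

if __name__ == "__main__":
    for rule in (TOO_LATE, EFFECTIVE):
        print(rule.priority, shadowed_by_allow(EXISTING, rule, "tcp", 443, "198.51.100.7"))
```

In this model the deny rule with priority 50 is shadowed by the existing allow rule with priority 10, so the block takes effect only when the deny rule's priority number is equal to or lower than that of the allow rule.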