A security group acts as a virtual firewall to control inbound and outbound traffic for Elastic Compute Service (ECS) instances. This topic describes how to create a custom security group in the ECS console.
Prerequisite: to create a security group of the VPC type, a virtual private cloud (VPC) must already be created. For more information, see Create and manage a VPC.
If you have not created a security group by the time you create an ECS instance, a default security group is automatically created. If you want to add an ECS instance to a custom security group, perform the following operations to create the security group.
For more information about security groups, see Overview.
- Go to the Security Groups page.
  - Log on to the ECS console.
  - In the left-side navigation pane, choose .
  - In the top navigation bar, select a region.
- Click Create Security Group.
- In the Basic Information section, specify the basic information about the security group.
  - Specify the name, description, resource group, and tags of the security group. This allows you to easily identify the security group.
  - Specify a network. You can select the classic network or a VPC. For more information, see Network types.
  - Specify the type of security group. You can select the basic or advanced security group type.
- In the Access Rule section, configure security group rules. By default, basic security group rules are configured in the security group. To add custom rules, perform the following steps. For more information, see Add a security group rule.
  - Click the Inbound or Outbound tab based on the direction of the rules that you want to create.
  - Click Add Rule.
  - Add custom rules. For more information about security group rules, see Overview.
- Click Create Security Group. After you create the security group, you can view the security group on the Security Groups page. For more information, see Search for security groups.
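A pre-flight check for the custom inbound rules from the Access Rule step, added here as an example and not taken from the ECS documentation. The rule fields (IpProtocol, PortRange, SourceCidrIp, Policy, Priority) follow the AuthorizeSecurityGroup API; the evaluation order (lower Priority number wins, drop wins a tie, unmatched inbound traffic is denied) and the sample rules are assumptions made for the example.

```python
import ipaddress

# Constructed sample inbound rules (not from the page). Field names follow
# the ECS AuthorizeSecurityGroup API; the page itself shows no rule format.
SAMPLE_RULES = [
    {"IpProtocol": "TCP", "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "accept", "Priority": 1},
    {"IpProtocol": "TCP", "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "accept", "Priority": 10},
    {"IpProtocol": "TCP", "PortRange": "3389/3389", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "accept", "Priority": 5},
    {"IpProtocol": "TCP", "PortRange": "3389/3389", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "drop", "Priority": 5},
    {"IpProtocol": "TCP", "PortRange": "3306/3306", "SourceCidrIp": "10.0.0.0/8",
     "Policy": "accept", "Priority": 1},
]


def _matches(rule, proto, port, src):
    """True if the rule covers this protocol, port and source address."""
    if rule["IpProtocol"].upper() not in (proto.upper(), "ALL"):
        return False
    lo, hi = (int(p) for p in rule["PortRange"].split("/"))
    if lo != -1 and not lo <= port <= hi:  # "-1/-1" means all ports
        return False
    net = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
    return ipaddress.ip_address(src) in net


def evaluate(rules, proto, port, src):
    """Return the effective policy ("accept" or "drop") for one inbound flow."""
    hits = [r for r in rules if _matches(r, proto, port, src)]
    if not hits:
        return "drop"  # assumed default: unmatched inbound traffic is denied
    # Assumed ordering: lowest Priority number first, drop before accept on a tie.
    hits.sort(key=lambda r: (int(r["Priority"]), r["Policy"] != "drop"))
    return hits[0]["Policy"]


def audit(rules, probe_src="203.0.113.10", ports=(22, 3389)):
    """List management ports that an arbitrary outside address can reach."""
    return [p for p in ports if evaluate(rules, "TCP", p, probe_src) == "accept"]


if __name__ == "__main__":
    for port in audit(SAMPLE_RULES):
        print(f"TCP/{port} is reachable from any source; restrict SourceCidrIp")
```

The probe address is from the documentation range 203.0.113.0/24, so a port is reported only when a rule admits sources well beyond a specific trusted CIDR block.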
What to do next
- You can add security group rules to a security group to control inbound and outbound traffic for ECS instances that belong to the security group. For more information, see Add a security group rule.
- Each ECS instance must belong to at least one security group. You can add an instance to one or more security groups. For more information, see Manage ECS instances in security groups and Manage ENIs in security groups.
- For information about how to troubleshoot an ECS instance that cannot be accessed after it is added to a security group, see Why am I unable to access services after I configure a security group?
For information about how to create a security group by calling an API operation, see CreateSecurityGroup.