This topic describes how to modify the attributes of a security group. These attributes include the name, description, and internal access control policy of the security group.

Prerequisites

A security group is created. For more information, see Create a security group.

Modifies the name and description of a security group

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. On the Security Groups page, find the security group that you want to modify and click Modify in the Actions column.
  5. In the Modify Security Group dialog box, modify Security Group Name and Description.
  6. Click OK.

Modify the Internal access control policy of a security group

By default, Elastic Compute Service (ECS) instances within the same basic security group can communicate with each other over all protocols and ports. You can modify the Internal access control policy of the security group.
Note The internal access control policies of advanced security groups and managed security groups cannot be modified.
  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. On the Security Groups page, find the security group whose internal access control policy you want to modify and click the security group ID.
  5. In the Basic Information section, set Internal Access Control Policy as needed.
    • If Internal Access Control Policy is set to Allow, all instances within the security group can communicate with each other over the internal network by default. To isolate instances within this security group from each other, you can click Set to Deny to change the Internal Access Control Policy value to Deny. When Internal Access Control Policy is set to Deny and no other security group rules are added to the security group, all instances within this security group are isolated from each other over the internal network by default.
    • If Internal Access Control Policy is set to Deny, all instances within the security group cannot communicate with each other over the internal network by default. To allow mutual access between instances within this security group over the internal network, you can click Set to Allow change the Internal Access Control Policy value to Allow. When Internal Access Control Policy is set to Allow, instances within the security group can communicate with each other over the internal network by default regardless of custom security group rules.
  6. In the Modify Internal Access Control Policy message, click OK.