After you create an endpoint in a virtual private cloud (VPC), you can add the endpoint to one or more security groups. The rules of those security groups filter the traffic that is allowed between the VPC and the endpoint elastic network interface (ENI). If you no longer need a security group, you can remove the endpoint from it, as long as the endpoint remains in at least one security group.
Operations
Prerequisites
An endpoint is created. For more information, see Create and manage endpoints.
At least two security groups are created in the VPC of the endpoint. An endpoint must belong to at least one security group at all times, so you can remove it from a security group only if it also belongs to another one. The security group rules must meet the following requirements:
If you want to create an interface endpoint, you can configure security group rules based on your business and security requirements. We recommend that you configure the following security group rules:
A default inbound rule that allows Internet Control Message Protocol (ICMP) traffic to support operations such as pinging ECS instances.
A default inbound rule that allows traffic on SSH port 22 and Remote Desktop Protocol (RDP) port 3389 to access ECS instances.
(Optional) An inbound rule that allows traffic on HTTP port 80 and HTTPS port 443. This rule allows the VPC of the endpoint to access the VPC of the endpoint service over HTTP or HTTPS.
For each of these rules, set the source to the CIDR blocks that actually need to reach the endpoint, such as the VPC CIDR block or the vSwitches of the clients, rather than 0.0.0.0/0. The rules apply to the endpoint ENI, so an overly broad source exposes the endpoint service to every instance that can route to the ENI.
If you want to create a reverse endpoint, you must configure an inbound rule that allows all traffic. This means that you must allow all CIDR blocks (0.0.0.0/0) to access all ports over all protocols; this rule cannot be narrowed for a reverse endpoint.
For more information, see Create a security group.
Add an endpoint to a security group
1. Log on to the endpoint console.
2. In the top navigation bar, select the region where the endpoint is deployed.
3. On the Endpoints page, find the endpoint that you want to manage and click its ID.
4. On the details page of the endpoint, click the Security Group tab, and then click Join Security Group.
5. In the Join Security Group dialog box, select a security group and click OK.
Remove an endpoint from a security group
Before you remove an endpoint from a security group, make sure that the endpoint belongs to at least one other security group. An endpoint cannot be left without a security group.
1. Log on to the endpoint console.
2. In the top navigation bar, select the region where the endpoint is deployed.
3. On the Endpoints page, find the endpoint that you want to manage and click its ID.
4. On the details page of the endpoint, click the Security Group tab, find the security group that you want to manage, and then click Delete in the Actions column.
5. In the Remove Security Group dialog box, click OK.
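Both procedures above, together with the rule that an endpoint must always keep at least one security group, can be driven through the API operations that the console wraps. The following script is an added example, not code from the Alibaba Cloud documentation or SDK. It signs RPC requests for the PrivateLink API with HMAC-SHA1 (API version 2020-04-15 and the RPC signing scheme are assumptions), calls AttachSecurityGroupToVpcEndpoint and DetachSecurityGroupFromVpcEndpoint, and reads the endpoint's current groups before a detach so the last group is never removed. The ListVpcEndpointSecurityGroups operation and its response shape are assumptions, and FakeApi is a constructed in-memory gateway that verifies the signature and tracks group membership so the demo runs offline; replace it with the http_get_json transport and real credentials to run against the API.

```python
"""Attach and detach security groups on a PrivateLink endpoint through the
Alibaba Cloud RPC API, refusing to detach the endpoint's last security group.
Added example, not Alibaba Cloud documentation or SDK code. Assumed: the RPC
signing scheme (HMAC-SHA1 over the sorted, percent-encoded query, key =
AccessKeySecret + "&"), API version 2020-04-15, and that
ListVpcEndpointSecurityGroups returns {"SecurityGroups": [{"SecurityGroupId": ...}]}.
"""
import base64
import hashlib
import hmac
import json
import time
import urllib.parse
import urllib.request
import uuid

API_VERSION = "2020-04-15"  # assumed PrivateLink API version


def _encode(value):
    # RPC-style percent-encoding: only unreserved characters and '~' stay literal.
    return urllib.parse.quote(str(value), safe="~")


def sign_query(params, access_key_secret, method="GET"):
    """Return params plus 'Signature', an HMAC-SHA1 over the canonical query string."""
    canonical = "&".join(f"{_encode(k)}={_encode(v)}" for k, v in sorted(params.items()))
    string_to_sign = f"{method}&{_encode('/')}&{_encode(canonical)}"
    mac = hmac.new((access_key_secret + "&").encode(), string_to_sign.encode(), hashlib.sha1)
    return {**params, "Signature": base64.b64encode(mac.digest()).decode()}


def build_url(action, region, access_key_id, access_key_secret, **api_params):
    """Signed GET URL for one action against the regional PrivateLink API endpoint."""
    params = {
        "Action": action, "Version": API_VERSION, "RegionId": region, "Format": "JSON",
        "AccessKeyId": access_key_id, "SignatureMethod": "HMAC-SHA1",
        "SignatureVersion": "1.0", "SignatureNonce": str(uuid.uuid4()),
        "Timestamp": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        **api_params,
    }
    signed = sign_query(params, access_key_secret)
    query = urllib.parse.urlencode(signed, quote_via=urllib.parse.quote, safe="~")
    return f"https://privatelink.{region}.aliyuncs.com/?{query}"


def http_get_json(url):
    """Real transport: GET the signed URL and decode the JSON body."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.loads(resp.read().decode())


class EndpointSecurityGroups:
    def __init__(self, region, access_key_id, access_key_secret, transport=http_get_json):
        self.region, self.ak, self.sk, self.transport = region, access_key_id, access_key_secret, transport

    def _call(self, action, **api_params):
        return self.transport(build_url(action, self.region, self.ak, self.sk, **api_params))

    def list(self, endpoint_id):
        body = self._call("ListVpcEndpointSecurityGroups", EndpointId=endpoint_id)
        return sorted(g["SecurityGroupId"] for g in body.get("SecurityGroups", []))

    def attach(self, endpoint_id, sg_id):
        # ClientToken keeps a retried call idempotent.
        return self._call("AttachSecurityGroupToVpcEndpoint", EndpointId=endpoint_id,
                          SecurityGroupId=sg_id, ClientToken=str(uuid.uuid4()))

    def detach(self, endpoint_id, sg_id):
        """Detach only if the endpoint stays in at least one other security group."""
        current = self.list(endpoint_id)
        if sg_id not in current:
            raise ValueError(f"{sg_id} is not attached to {endpoint_id}")
        if len(current) == 1:
            raise RuntimeError(f"refusing to detach {sg_id}: last security group on {endpoint_id}")
        return self._call("DetachSecurityGroupFromVpcEndpoint", EndpointId=endpoint_id,
                          SecurityGroupId=sg_id, ClientToken=str(uuid.uuid4()))


class FakeApi:
    """Constructed in-memory gateway: checks the signature, then tracks membership."""

    def __init__(self, access_key_secret, groups):
        self.secret = access_key_secret
        self.groups = {ep: set(sgs) for ep, sgs in groups.items()}

    def __call__(self, url):
        q = dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(url).query))
        presented = q.pop("Signature")
        if not hmac.compare_digest(sign_query(q, self.secret)["Signature"], presented):
            raise PermissionError("SignatureDoesNotMatch")
        sgs = self.groups.setdefault(q["EndpointId"], set())
        if q["Action"] == "ListVpcEndpointSecurityGroups":
            return {"SecurityGroups": [{"SecurityGroupId": s} for s in sorted(sgs)]}
        if q["Action"] == "AttachSecurityGroupToVpcEndpoint":
            sgs.add(q["SecurityGroupId"])
        elif q["Action"] == "DetachSecurityGroupFromVpcEndpoint":
            sgs.discard(q["SecurityGroupId"])
        return {"RequestId": q["SignatureNonce"]}


def demo():
    """Offline walk-through: join a second group, then leave the first one."""
    api = FakeApi("demo-secret", {"ep-demo": ["sg-a"]})  # constructed sample state
    client = EndpointSecurityGroups("cn-hangzhou", "AKID", "demo-secret", transport=api)
    client.attach("ep-demo", "sg-b")
    client.detach("ep-demo", "sg-a")
    return client.list("ep-demo")
```

The order in demo matters: attach the replacement group first, then detach the old one, which is the same sequence the console procedures above force on you. Running detach first against an endpoint with a single group raises before any request is sent, and the injected transport is the only thing that changes between the offline demo and a real run.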
References
AttachSecurityGroupToVpcEndpoint: adds an endpoint to a security group.
DetachSecurityGroupFromVpcEndpoint: removes an endpoint from a security group.