Security group
A security group is a logical grouping of instances in the same region that have the same security requirements and trust each other. Each instance belongs to at least one security group, which must be specified when the instance is created. Instances within the same security group can communicate with each other over the network; by default, instances in different security groups cannot communicate with each other over the intranet. Mutual access between two security groups can be authorized.
A security group is a virtual firewall that provides stateful inspection and packet filtering. It is used to set the network access control of one or more cloud servers. It is an important means of network security isolation and is used to divide security domains in the cloud.
Security group restrictions
The number of instances within a single security group cannot exceed 1000. If more than 1000 instances need intranet access to each other, you can assign them to multiple security groups and allow mutual access by authorizing the groups to each other.
Each instance can join a maximum of 5 security groups.
Each user can have a maximum of 100 security groups.
Adjusting a security group does not affect the continuity of the user's service.
Security groups are stateful. If a packet is allowed in the outbound direction, the corresponding connection is also allowed in the inbound direction.
Security groups have two network types: classic network and proprietary network.
Instances of the classic network type can join security groups of the classic network type in the same region.
Instances of the proprietary network type can join security groups in the same proprietary network (VPC).
Security group rules
Security group rules allow or disallow access to the public network and intranet for the ECS cloud server instances associated with the security group.
You can authorize and revoke security group rules at any time. Changes to security group rules are automatically applied to the ECS instances associated with the security group.
When you set up security group rules, be aware of the following restrictions:
No rule in a security group can allow access in the outbound direction of an ECS instance while disallowing the inbound direction of that instance, or vice versa.
Security group rules must be concise. If you assign more than one security group to an instance, up to hundreds of rules may apply to that instance, and you may run into network problems when you access it.
Security group rule restrictions
Each security group can have up to 100 security group rules.
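A planned layout can be checked against these limits before it is deployed. The following Python check is an added example, not code from the original page or from the cloud provider. It applies the limits stated on this page and totals the rules that apply to each instance across the groups it joins. The inventory format and every resource name in it are hypothetical, constructed sample data.

```python
# Added example: limits are the ones stated on this page; inventory layout is hypothetical.
MAX_INSTANCES_PER_GROUP = 1000
MAX_GROUPS_PER_INSTANCE = 5
MAX_GROUPS_PER_USER = 100
MAX_RULES_PER_GROUP = 100

def audit(groups, instances):
    """Return (findings, effective_rules_per_instance) for a planned layout.
    groups:    {id: {"type": "classic"|"vpc", "scope": region or VPC id, "rules": int}}
    instances: {id: {"type": ..., "scope": ..., "groups": [group ids]}}"""
    findings, members, effective = [], {g: 0 for g in groups}, {}
    if len(groups) > MAX_GROUPS_PER_USER:
        findings.append(f"user: {len(groups)} groups > {MAX_GROUPS_PER_USER}")
    for gid, g in groups.items():
        if g["rules"] > MAX_RULES_PER_GROUP:
            findings.append(f"{gid}: {g['rules']} rules > {MAX_RULES_PER_GROUP}")
    for iid, inst in instances.items():
        joined = inst["groups"]
        if not 1 <= len(joined) <= MAX_GROUPS_PER_INSTANCE:
            findings.append(f"{iid}: in {len(joined)} groups, must be 1..{MAX_GROUPS_PER_INSTANCE}")
        total = 0
        for gid in joined:
            g = groups.get(gid)
            # Classic: same region. VPC: same VPC. Both reduce to type + scope matching.
            if g is None or (g["type"], g["scope"]) != (inst["type"], inst["scope"]):
                findings.append(f"{iid}: cannot join {gid} (unknown, or type/scope differs)")
                continue
            members[gid] += 1
            total += g["rules"]
        effective[iid] = total  # rules of every joined group apply to the instance
    for gid, n in members.items():
        if n > MAX_INSTANCES_PER_GROUP:
            findings.append(f"{gid}: {n} instances > {MAX_INSTANCES_PER_GROUP}")
    return findings, effective

# Constructed sample inventory (not real resources).
GROUPS = {
    "sg-web": {"type": "vpc", "scope": "vpc-a", "rules": 100},
    "sg-db": {"type": "vpc", "scope": "vpc-a", "rules": 120},
    "sg-old": {"type": "classic", "scope": "region-1", "rules": 10},
}
INSTANCES = {
    "i-1": {"type": "vpc", "scope": "vpc-a", "groups": ["sg-web", "sg-db"]},
    "i-2": {"type": "vpc", "scope": "vpc-a", "groups": ["sg-web", "sg-old"]},
    "i-3": {"type": "classic", "scope": "region-1", "groups": []},
}
if __name__ == "__main__":
    findings, effective = audit(GROUPS, INSTANCES)
    print("\n".join(findings), effective, sep="\n")
```

With 5 groups per instance and 100 rules per group, the effective total for one instance can reach 500, which is the "hundreds of rules" case the page warns about.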