Configure a security group
Overview
This topic describes how to configure a security group to control the inbound and outbound traffic of Elastic Compute Service (ECS) instances in the security group after an IPsec-VPN connection is created.
Procedure
- On the VPN Gateways page, click the IPsec Connections tab.

- On the IPsec Connections page, click the Configure routing security groups button.

- In the Configure routing security groups section, configure the parameters.
| Parameter | Description |
|---|---|
| Security Group | Select the security group to which you want to add the security group rule. |
| Regular direction | Select the direction to which the security group rule applies. ● Out direction: controls data transfer from the ECS instances in the security group to the Internet or other ECS instances. ● Inbound direction: controls data transfer from the Internet or other ECS instances to the ECS instances in the security group. |
| Authorization policy | Specify the action to be performed on the requests that match the rule. ● Allow: accepts requests. ● Deny: denies requests without returning a response. If two security group rules use the same settings except for the action, the Deny action prevails over the Allow action. |
| Protocol type | Select a protocol for the security group rule. |
| Port range | Enter a port range for the security group rule. Valid values: -1 and 1 to 65535. You cannot enter only -1. Examples: 1/200 specifies ports 1 to 200. 80/80 specifies port 80. -1/-1 specifies all ports. |
| Priority | Set the priority of the rule. Valid values: 1 to 100. The default value is 1, which indicates the highest priority. |
| Authorization Type | Specify the type of addresses that the security group rule allows or denies. Only Address segment access is supported. |
| NIC Type | Specify the type of data transfer that the security group rule controls. ● Internal: controls data transfer within stack. ● External: controls data transfer over the Internet. |
| Authorization object | Specify the CIDR blocks that you want the security group rule to allow or deny. You can specify at most 10 CIDR blocks. |
| Automatic routing | Specify whether to automatically advertise routes. This feature is disabled by default. |
| Description | Enter a description for the security group rule. This parameter is optional. If you enter a description, the description must be 2 to 256 characters in length, and cannot start with http:// or https://. |
- In the Configure routing security groups section, click the OK button.
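
The constraints in the parameter table can be checked before a rule is entered in the console. The following Python sketch is an added example, not part of the original documentation or any product API; the dictionary keys, the sample rule values, and the requirement that a range's start not exceed its end are assumptions. It validates the port range, priority, CIDR count and description, and lists Allow rules that a matching Deny rule overrides.

```python
import ipaddress

def parse_port_range(text):
    """Parse 'start/end'; -1/-1 is all ports, a lone -1 is rejected (start <= end assumed)."""
    parts = text.split("/")
    if len(parts) != 2:
        raise ValueError(f"port range {text!r} must look like 80/80 or -1/-1")
    try:
        low, high = int(parts[0]), int(parts[1])
    except ValueError:
        raise ValueError(f"port range {text!r} has a non-numeric bound") from None
    if (low, high) != (-1, -1) and not 1 <= low <= high <= 65535:
        raise ValueError(f"port range {text!r} is outside 1 to 65535")
    return low, high

def validate_rule(rule):
    """Return a list of problems; an empty list means the rule fits the table."""
    problems = []
    try:
        parse_port_range(rule["port_range"])
    except ValueError as exc:
        problems.append(str(exc))
    for cidr in rule["cidrs"]:
        try:
            ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append(f"invalid CIDR block {cidr!r}")
    desc = rule.get("description", "")
    checks = [
        (1 <= rule.get("priority", 1) <= 100, "priority must be 1 to 100"),
        (len(rule["cidrs"]) <= 10, "at most 10 CIDR blocks are allowed"),
        (not desc or 2 <= len(desc) <= 256, "description must be 2 to 256 characters"),
        (not desc.startswith(("http://", "https://")), "description starts with http(s)://"),
    ]
    return problems + [msg for ok, msg in checks if not ok]

def shadowed_allows(rules):
    """Allow rules that a Deny rule with otherwise identical settings overrides."""
    def settings(r):  # the description is ignored when comparing (assumption)
        return tuple(sorted((k, str(v)) for k, v in r.items()
                            if k not in ("action", "description")))
    denied = {settings(r) for r in rules if r["action"] == "Deny"}
    return [r for r in rules if r["action"] == "Allow" and settings(r) in denied]

# Constructed sample: a peer subnet reaching SSH over the IPsec-VPN connection.
BASE = {"direction": "Inbound", "protocol": "TCP", "port_range": "22/22",
        "priority": 1, "nic_type": "Internal", "cidrs": ["192.168.10.0/24"]}
RULES = [dict(BASE, action="Allow", description="SSH from peer site"),
         dict(BASE, action="Deny", description="temporary block")]
```

Running `shadowed_allows(RULES)` on the sample returns the Allow rule, because the Deny rule shares every other setting and therefore prevails.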
