Select the location where you want to create your security group.
Details
If your user tags are billing related, consider writing tags as key:value pairs, such as costctr:124.
User tags are visible account-wide. Avoid including sensitive data in the tag name.
Rules
Inbound rules
Protocol | Source type | Source | Destination type | Destination | Value | |
---|---|---|---|---|---|---|
Outbound rules
Protocol | Source type | Source | Destination type | Destination | Value | |
---|---|---|---|---|---|---|
Attaching virtual server interfaces
Instance name | Attached interfaces |
---|---|
Attaching bare metal interfaces
Server name | Attached interfaces |
---|---|
Attaching load balancers
Name | Status | Type | Attached subnets | Hostname | Attached security groups |
---|---|---|---|---|---|
Attaching virtual private endpoint gateways
Name | Service | Service endpoint | IP addresses | Attached security groups |
---|---|---|---|---|
Attaching VPN servers
Name | Lifecycle status | Health status | Virtual private cloud | Attached security groups |
---|---|---|---|---|
Attaching file share mount targets
Name | Subnet | Status | File share | Reserved IP | Attached security groups | Encryption in transit |
---|---|---|---|---|---|---|
Summary
Security groups give you a convenient way to apply security rules that establish filtering to each network interface of a virtual server instance, based on its IP address. When you create a security group, you configure it to create the network traffic patterns you want. By default, a security group denies all traffic. As rules are added to a security group, it defines the traffic that the security group permits.
Features
Rules
Every security group consists of a set of rules. The security group examines all its rules before allowing any traffic to enter or leave the instance. The rules that are used to control the inbound traffic are independent of the rules that are used to control the outbound traffic. Because an instance can have multiple security groups associated with it, all the rules from each security group associated with the instance are combined to form a single set of rules. This set of rules is used to determine whether the traffic should be denied or allowed into the instance.
Stateful
Reverse traffic in response to allowed traffic is automatically permitted, so you don't need to add rules for return traffic. For example, if you create a rule to allow inbound TCP traffic on port 80, the rule also allows the outbound TCP reply traffic on port 80 back to the originating host, without the need for another rule.
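The rule semantics described under Rules and Stateful, as an added example that is not IBM Cloud code: a simplified Python model in which rules from all attached groups are combined, anything unmatched is denied, and replies to an allowed flow pass without a rule of their own. The `Rule` and `Interface` names and the sample groups are constructed for illustration, and the model ignores ICMP types and connection timeouts.

```python
# Toy model of security group evaluation (illustrative assumption, not a vendor API).
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str      # "inbound" or "outbound"
    protocol: str       # "tcp" or "udp"
    remote: str         # CIDR of the peer (source if inbound, destination if outbound)
    port_min: int = 1
    port_max: int = 65535

class Interface:
    """A network interface with zero or more security groups attached."""
    def __init__(self, *groups):
        # Rules from every attached group are combined into one allow-set.
        self.rules = [r for g in groups for r in g]
        # State table: (protocol, peer_ip, peer_port, local_port) of permitted flows.
        self.connections = set()

    def _allowed(self, direction, protocol, peer, port):
        return any(
            r.direction == direction and r.protocol == protocol
            and r.port_min <= port <= r.port_max
            and ipaddress.ip_address(peer) in ipaddress.ip_network(r.remote)
            for r in self.rules)

    def _check(self, direction, flow, rule_port):
        if flow in self.connections:        # reverse traffic of a permitted flow
            return True
        if self._allowed(direction, flow[0], flow[1], rule_port):
            self.connections.add(flow)      # remember it so replies are permitted
            return True
        return False                        # default deny

    def inbound(self, protocol, src, src_port, dst_port):
        return self._check("inbound", (protocol, src, src_port, dst_port), dst_port)

    def outbound(self, protocol, dst, dst_port, src_port):
        return self._check("outbound", (protocol, dst, dst_port, src_port), dst_port)

# Constructed sample groups: public HTTP, and SSH from one internal subnet only.
WEB = [Rule("inbound", "tcp", "0.0.0.0/0", 80, 80)]
ADMIN = [Rule("inbound", "tcp", "10.0.0.0/24", 22, 22)]
```

Because the model only ever adds permissions, attaching a second group can widen what an interface accepts but never narrow it, which is the practical consequence of combining rules into a single set.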
Scoped to a single VPC
A security group can be attached only to network interfaces of instances within the same VPC. When an instance is created and no security groups are specified, the instance's primary network interface is attached to the default security group of that instance's VPC.
Associated targets
Targets that can be associated with a security group include a network interface, a VPN server, an application load balancer, and an endpoint gateway.
Comparison to Access Control Lists (ACLs)
Network ACLs apply at the subnet level, so any instance (for example, a virtual server instance) in a subnet with an associated ACL follows the rules of that ACL. Security groups must be assigned explicitly to the instance. Also, unlike ACLs, a security group can be applied to multiple instances across subnets and even across zones.