Security Groups
Security groups control network access to your instances.
Use them to allow only the traffic your application needs.
1. Create a security group
Go to:
Menu → Network → Security Groups
Then:
- Click Create Group
- Enter a group name, for example
web-frontend - Optionally add a description
- Submit the form
2. Add rules
Rules define what traffic is allowed.
Go to:
Menu → Network → Security Groups → Actions → Manage Rules
Then:
- Click Create Rule
- Choose the direction
- Choose the protocol
- Enter the port
- Submit the form
Rule options
| Field | Description |
|---|---|
| Direction | ingress for incoming traffic, egress for outgoing traffic |
| EtherType | IPv4 or IPv6 |
| Port | Single port number from 1 to 65535 |
| Protocol | TCP, UDP, or TCP & UDP |
Selecting TCP & UDP creates two rules: one for TCP and one for UDP.
Common rules
| Use case | Direction | Port | Protocol |
|---|---|---|---|
| SSH | ingress | 22 | TCP |
| HTTP | ingress | 80 | TCP |
| HTTPS | ingress | 443 | TCP |
| Custom app | ingress | your app port | TCP or UDP |
3. Delete rules
To remove a rule:
- Open the rules list for the security group
- Open the actions menu for the rule
- Click Delete Rule
4. Attach security groups to instances
When creating an instance, select one or more security groups.
Rules apply to instances using that group.
Best practices
- Open only the ports your application needs
- Allow SSH only when needed
- Prefer specific rules over broad access
- Review unused rules regularly
Troubleshooting
Rule creation fails
Check that:
- Port is between
1and65535 - Required fields are selected
- Duplicate rules are not being created
Cannot connect to an instance
Check that:
- The correct security group is attached
- The rule direction is
ingress - The correct port is allowed
- The instance is running
SSH not working
Check that:
- Port
22is allowed - SSH was enabled during instance creation
- The correct keypair was selected
Related
Last updated on