Security Groups
Security groups control network access to your instances.
Use them to allow only the traffic your application needs.
With an agent (MCP)
Connect the redu MCP, then just ask your agent. Over the MCP, security groups are list-only: list_security_groups lets your agent list and inspect existing groups and their rules. When your agent launches an instance, it opens the SSH and app ports for you automatically, so most setups need no manual rule changes. To add or edit rules yourself, use the console steps below (there is no create-rule MCP tool yet).
1. Create a security group
Go to:
Menu → Network → Security Groups
Then:
- Click Create Group
- Enter a group name, for example
web-frontend - Optionally add a description
- Submit the form

2. Add rules
Rules define what traffic is allowed.
Go to:
Menu → Network → Security Groups → Actions → Manage Rules
Then:
- Click Create Rule
- Choose the direction
- Choose the protocol
- Enter the port
- Submit the form

Rule options
| Field | Description |
|---|---|
| Direction | ingress for incoming traffic, egress for outgoing traffic |
| EtherType | IPv4 or IPv6 |
| Port | Single port number from 1 to 65535 |
| Protocol | TCP, UDP, or TCP & UDP |
Selecting TCP & UDP creates two rules: one for TCP and one for UDP.
Common rules
| Use case | Direction | Port | Protocol |
|---|---|---|---|
| SSH | ingress | 22 | TCP |
| HTTP | ingress | 80 | TCP |
| HTTPS | ingress | 443 | TCP |
| Custom app | ingress | your app port | TCP or UDP |
3. Delete rules
To remove a rule:
- Open the rules list for the security group
- Open the actions menu for the rule
- Click Delete Rule

4. Attach security groups to instances
When creating an instance, select one or more security groups.
Rules apply to instances using that group.

Best practices
- Open only the ports your application needs
- Allow SSH only when needed
- Prefer specific rules over broad access
- Review unused rules regularly
Troubleshooting
Rule creation fails
Check that:
- Port is between
1and65535 - Required fields are selected
- Duplicate rules are not being created
Cannot connect to an instance
Check that:
- The correct security group is attached
- The rule direction is
ingress - The correct port is allowed
- The instance is running
SSH not working
Check that:
- Port
22is allowed - SSH was enabled during instance creation
- The correct keypair was selected