Security Groups
Stateful, instance-level firewalls that control inbound and outbound traffic using rules.
What are Security Groups?
Security Groups are collections of rules that define what traffic is allowed to and from your instances.
- Rules are directional: ingress (inbound) and egress (outbound)
- Each rule defines protocol, port, and ethertype (IPv4/IPv6)
- Apply one or more security groups to an instance to enforce least privilege
When to use them
- Allow SSH (22/tcp) to admin hosts while restricting other ports
- Expose web apps (80/443) but keep databases private
- Separate environments (dev/staging/prod) with different access policies
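The rule fields and use cases above can be modelled in a few lines to check a policy before applying it. This is an added example, not this platform's code: the `Rule` class, the `remote_cidr` field, the default-deny and any-group-allows semantics, and all addresses and the database port are assumptions, and stateful return traffic is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    direction: str    # "ingress" or "egress"
    protocol: str     # "tcp", "udp" or "both" (TCP & UDP)
    port: int
    ethertype: str    # "IPv4" or "IPv6"
    remote_cidr: str  # assumed field: peer address range the rule covers

    def matches(self, direction, protocol, port, peer):
        addr, net = ip_address(peer), ip_network(self.remote_cidr)
        return (self.direction == direction
                and self.protocol in (protocol, "both")
                and self.port == port
                and self.ethertype == f"IPv{addr.version}"
                and addr.version == net.version
                and addr in net)

def allowed(groups, direction, protocol, port, peer):
    """Assumed semantics: default deny; a match in any attached group allows."""
    return any(r.matches(direction, protocol, port, peer)
               for group in groups for r in group)

# Constructed sample policy using documentation and private address ranges.
ADMIN_SSH = [Rule("ingress", "tcp", 22, "IPv4", "192.0.2.0/28")]
WEB = [Rule("ingress", "tcp", 80, "IPv4", "0.0.0.0/0"),
       Rule("ingress", "tcp", 443, "IPv4", "0.0.0.0/0"),
       Rule("ingress", "tcp", 443, "IPv6", "::/0")]
DB = [Rule("ingress", "tcp", 5432, "IPv4", "10.0.1.0/24")]
DNS_OUT = [Rule("egress", "both", 53, "IPv4", "10.0.0.2/32")]

def demo():
    web_host, db_host = [ADMIN_SSH, WEB, DNS_OUT], [DB]
    return {
        "ssh_admin": allowed(web_host, "ingress", "tcp", 22, "192.0.2.5"),
        "ssh_other": allowed(web_host, "ingress", "tcp", 22, "198.51.100.7"),
        "https_v6": allowed(web_host, "ingress", "tcp", 443, "2001:db8::1"),
        "http_v6": allowed(web_host, "ingress", "tcp", 80, "2001:db8::1"),
        "db_web_tier": allowed(db_host, "ingress", "tcp", 5432, "10.0.1.20"),
        "db_other": allowed(db_host, "ingress", "tcp", 5432, "198.51.100.7"),
        "dns_udp": allowed(web_host, "egress", "udp", 53, "10.0.0.2"),
        "dns_tcp": allowed(web_host, "egress", "tcp", 53, "10.0.0.2"),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:12} {'ALLOW' if result else 'DENY'}")
```

The `http_v6` case is denied because the sample web group has no IPv6 rule for port 80, which shows that each ethertype needs its own rule.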
Features
- Create and delete security groups at any time
- Add rules for TCP, UDP, or both (TCP & UDP) with a single port selector
- Manage ingress and egress separately
Next: Step-by-step Guide
Looking for a hands-on walkthrough? See the guide:
- Go to the Security Groups Guide → Create groups and add firewall rules