• Elastic Cloud Server

  1. Help Center
  2. Elastic Cloud Server
  3. User Guide
  4. Security Groups
  5. Configuring Security Group Rules

Configuring Security Group Rules


If you do not have a VPC configured when creating your first ECS, the system automatically creates a default VPC. The security group policy of a default VPC allows data exchange only within the security group. As a result, ECSs in a default security group cannot be accessed from an external network. To remotely access an ECS in such a security group, you must configure the inbound rules of the security group.


  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Under Computing, click Elastic Cloud Server.
  4. On the Elastic Cloud Server page, click the name of the target ECS.

    The page providing details about the ECS is displayed.

  5. Click the Security Groups tab and view security group rules.
  6. Click the security group ID.

    The system automatically switches to the Security Group page.

  7. On the Inbound tab, click Delete in the Description column to delete the inbound rule.
  8. Click Add Rule to add an inbound rule for the security group.
    • To remotely access a Windows ECS, set Protocol/Application to TCP and Port to 3389, as shown in Figure 1.
      Figure 1 Configuring a security group rule for remote Windows access
    • To remotely access a Linux ECS, set Protocol/Application to TCP and Port to 22, as shown in Figure 2.
      Figure 2 Configuring a security group rule for remote Linux access
    • Set Source IP Address to the IP address segment containing the IP addresses that you want to allow to access the ECS over the Internet.

      The default source IP address indicates that all IP addresses can access ECSs in the security group.

  9. Click OK to complete the security rule configuration.