Default Security Group and Rules

The system creates a default security group for each account. By default, the default security group rules:

  • Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups.

  • Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group.

Figure 1 shows the default security group.

**Figure 1** Default security group

Figure 1 Default security group

Table 1 describes the rules for the default security group.

Table 1 Default security group rules

Direction

Protocol

Port/Range

Source/Destination

Description

Outbound

All

All

Destination: 0.0.0.0/0

Allows all outbound traffic.

Inbound

All

All

Source: the current security group (for example, sg-xxxxx)

Allows communications among ECSs within the security group and denies all inbound traffic (incoming data packets).