• Virtual Private Cloud

vpc
  1. Help Center
  2. Virtual Private Cloud
  3. User Guide
  4. Security
  5. Security Group Configuration Examples
  6. Security Group Configuration Example Overview

Security Group Configuration Example Overview

Common security group configuration examples are as follows:

  • Enable ECSs in different security groups to communicate with each other through an internal network.

    In this scenario, resources on an ECS associated with a security group need to be copied to another ECS associated with another security group. The two ECSs are in the same VPC. We recommend that you enable internal network communication between the ECSs and then copy resources.

    For details about security group configuration, see Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network.

  • Enable specified IP addresses to remotely access ECSs in a security group.

    To prevent ECSs from being attacked, you can change the port number for remote login and configure security group rules that allow only specified IP addresses to remotely access the ECSs.

    For details about security group configuration, see Enabling Specified IP Addresses to Remotely Access ECSs in a Security Group.

  • Remotely connect to Linux ECSs using SSH.

    After creating Linux ECSs, you can add a security group rule to enable remote SSH access to the Linux ECSs.

    For details about security group configuration, see Remotely Connecting to Linux ECSs Using SSH.

  • Remotely connect to Windows ECSs using RDP.

    After creating Windows ECSs, you can add a security group rule to enable remote RDP access to the Windows ECSs.

    For details about security group configuration, see Remotely Connecting to Windows ECSs Using RDP.

  • Enable communication between ECSs.

    After creating ECSs, you need to add a security group rule so that you can run the ping command to test communication between the ECSs.

    For details about security group configuration, see Enabling Communication Between ECSs.

  • Host a website on ECSs.

    If you deploy a website on your ECSs and require that your website be accessed over HTTP or HTTPS, you can add the following rules to the security group used by the ECSs functions as the web servers.

    For details about security group configuration, see Hosting a Website on ECSs.

  • Enable an ECS to function as a DNS server.

    If you need to use an ECS as the DNS server, you must allow TCP and UDP access from port 53 to the DNS server. You can add the following rules to the security group associated with the ECS.

    For details about security group configuration, see Enabling an ECS to Function as a DNS Server.

  • Upload or download files using FTP.

    If you want to use File Transfer Protocol (FTP) to upload files to or download files from ECSs, you need to add a security group rule.

    For details about security group configuration, see Uploading or Downloading Files using FTP.