After you create a security group, you can add, update, and delete its security group rules. When you add, update, or delete a rule, the change is automatically applied to the resources that are associated with the security group.
Required permissionsBefore you begin, ensure that you have the required permissions. For more information, see Manage security group rules.
Sources and destinationsYou can specify the following as sources for inbound rules or destinations for outbound rules.
Custom â A IPv4 CIDR block, and IPv6 CIDR block, another security group, or a prefix list.
Anywhere-IPv4 â The 0.0.0.0/0 IPv4 CIDR block.
Anywhere-IPv6 â The ::/0 IPv6 CIDR block.
My IP â The public IPv4 address of your local computer.
If you choose Anywhere-IPv4, you allow traffic from all IPv4 addresses. If you choose Anywhere-IPv6, you allow traffic from all IPv6 addresses. It is a best practice to authorize only the specific IP address ranges that need access to your resources.
To configure security group rules using the consoleOpen the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Security groups.
Select the security group.
To edit the inbound rules, choose Edit inbound rules from Actions or the Inbound rules tab.
To add a rule, choose Add rule and enter the type, protocol, port, and source for the rule.
If the type is TCP or UDP, you must enter the port range to allow. For custom ICMP, you must choose the ICMP type name from Protocol, and, if applicable, the code name from Port range. For any other type, the protocol and port range are configured for you.
To update a rule, change its protocol, description, and source as needed. However, you can't change the source type. For example, if the source is an IPv4 CIDR block, you can't specify an IPv6 CIDR block, a prefix list, or a security group.
To delete a rule, choose its Delete button.
To edit the outbound rules, choose Edit outbound rules from Actions or the Outbound rules tab.
To add a rule, choose Add rule and enter the type, protocol, port, and destination for the rule. You can also enter an optional description.
If the type is TCP or UDP, you must enter the port range to allow. For custom ICMP, you must choose the ICMP type name from Protocol, and, if applicable, the code name from Port range. For any other type, the protocol and port range are configured for you.
To update a rule, change its protocol, description, and source as needed. However, you can't change the source type. For example, if the source is an IPv4 CIDR block, you can't specify an IPv6 CIDR block, a prefix list, or a security group.
To delete a rule, choose its Delete button.
Choose Save rules.
Create a security group
Delete a security group
Did this page help you? - Yes
Thanks for letting us know we're doing a good job!
If you've got a moment, please tell us what we did right so we can do more of it.
Did this page help you? - No
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4