«Security groups» tab

This page is responsible for settings related to security and access control.


Security groups list

A security group is a set of rules that governs incoming packets for an instance. Before starting, you can define a group for each instance. Each security group can have many rules. Each rule defines the IP/network, protocol type, destination ports, etc. Packets matching these parameters are allowed, and the rest are blocked.

The list contains the following information:

| Field name | Description |
|---|---|
| Name | The group name can be chosen freely by the user. |
| Security group ID | Security group identifier. |
| Description | Brief information about the group. The field is optional when the group is created. The description can also be edited later, while the security group is in use. |

Sorting and filtering tools are available for the list of security groups. Fields are sorted in ascending and descending order. It is also possible to sort the objects marked with a check mark. Filtering is performed according to the following parameters:

  • Name is the name of the security group. Incomplete input is allowed;
  • ID is the identifier of the security group. Incomplete input is allowed;
  • Description is the description of the security group. Incomplete input is allowed;
  • In use is an option that displays assigned and unassigned security groups. Incomplete input is allowed. Possible input values are:
    • True, displays groups assigned to at least one instance;
    • False, displays groups not assigned to any instance.

The following actions are available for security groups, depending on their status:

| N | Action | Description |
|---|---|---|
| 1 | Create security group | Adds a security group with specific parameters. |
| 2 | Manage Rules | Allows you to manage the rules of a security group. A rule determines what traffic is allowed to the instance to which the security group is assigned. |
| 3 | Edit security group | Edits the name and description of a security group. |
| 4 | Delete security group | Deletes a security group. |

Actions for managing security groups can be applied to a single group by selecting the required action in the “Actions” field of the corresponding line in the list of all security groups.

Actions can also be triggered against multiple preselected security groups. To do this, mark the required objects and select a group action.

Features of work

Adding security group

This function is available in the general list of security groups. It is carried out by filling in the data in the wizard window:


Security group creation window

  • Name is the name of the security group in ASCII format. This field is required;
  • Description is brief information about the security group.

Complete the creation procedure by pressing the «Create security group» button.

Managing security group rules

This function allows you to add or remove rules in the selected security group. In the general list of groups, select “Manage rules”. After that you will be redirected to the page:


Security group rules management page

The list contains the following information:

| Field name | Description |
|---|---|
| Direction | Direction of the rule. Two types are distinguished: Ingress; Egress. |
| Ether Type | Type of network used by the rule. |
| IP Protocol | IP protocol used. |
| Port Range | Specified when adding a rule. It can be either a specific port number or a range of ports. |
| Remote IP Prefix | Remote IP Prefix. |
| Remote Security Group | Remote Security Group. |
| Description | Description of security group. |

A sort tool is available for all displayed fields. Fields are sorted in ascending and descending order.

Rules are managed directly with the “Add Rule” and “Delete Rule” buttons located on the top panel of the page. When adding a new rule, you must fill in the pop-up window and confirm the entry with the “Add” button:


Add security group rules window
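
The allow-list behaviour described at the top of this page (packets matching a rule are allowed, the rest are blocked), shown as an added Python example that is not the product's own code. The `Rule` class and the function names are hypothetical, empty fields are assumed to mean "any", and the Remote Security Group field is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    direction: str                          # "ingress" or "egress"
    ether_type: str                         # "IPv4" or "IPv6"
    ip_protocol: Optional[str]              # e.g. "tcp"; None = any (assumption)
    port_range: Optional[Tuple[int, int]]   # (min, max); None = any (assumption)
    remote_ip_prefix: Optional[str]         # CIDR; None = any (assumption)

def rule_matches(rule, direction, protocol, port, remote_ip):
    """True if one rule covers the packet; every populated field must match."""
    addr = ipaddress.ip_address(remote_ip)
    if rule.direction != direction or rule.ether_type != f"IPv{addr.version}":
        return False
    if rule.ip_protocol is not None and rule.ip_protocol != protocol:
        return False
    if rule.port_range is not None:
        low, high = rule.port_range
        if port is None or not low <= port <= high:
            return False
    if rule.remote_ip_prefix is not None:
        if addr not in ipaddress.ip_network(rule.remote_ip_prefix):
            return False
    return True

def is_allowed(rules, direction, protocol, port, remote_ip):
    """Default deny: traffic passes only if at least one rule matches it."""
    return any(rule_matches(r, direction, protocol, port, remote_ip) for r in rules)

def open_to_any_source(rules):
    """Ingress rules whose remote prefix covers every address (review candidates)."""
    return [r for r in rules if r.direction == "ingress" and (
        r.remote_ip_prefix is None
        or ipaddress.ip_network(r.remote_ip_prefix).prefixlen == 0)]

# Constructed sample group: public HTTPS, SSH from one admin network, any egress.
WEB_GROUP = [
    Rule("ingress", "IPv4", "tcp", (443, 443), "0.0.0.0/0"),
    Rule("ingress", "IPv4", "tcp", (22, 22), "203.0.113.0/24"),
    Rule("egress", "IPv4", None, None, "0.0.0.0/0"),
]

if __name__ == "__main__":
    print(is_allowed(WEB_GROUP, "ingress", "tcp", 22, "198.51.100.7"))
    print(open_to_any_source(WEB_GROUP))
```

`open_to_any_source` is a review aid for spotting rules that accept traffic from every address before a group is assigned to an instance.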