«Security groups» tab¶
Page is responsible for settings related to security and access control.
Security groups list¶
Security group is set of rules that govern incoming packets for instance. Before starting, you can define group for each instance. Each security group can have many rules. Each rule defines IP/network, protocol type, destination ports, etc. Packets matching these parameters are allowed, and rest are blocked.
| Field name | Description |
|---|---|
| Name | Group name can be specified by the user arbitrarily. |
| Security group ID | Security group identifier. |
| Description | Brief information about group. Field is filled in at will during creation of the group. Description is edited and in the subsequent use of security group. |
Sorting and filtering tools are available for the list of security groups. Fields are sorted in ascending and descending order. It is also possible to sort the objects marked with check mark. Filtration is performed according to following parameters:
- Name is name of security group. Incomplete input is allowed;
- ID is identifier of security group. Incomplete input is allowed;
- Description is description of security group. Incomplete input is allowed;
- In use, - option displays assigned and unassigned security groups. Incomplete input is allowed. Possible input values are:
- True, displaying of groups assigned to at least one instance;
- False, displaying groups not assigned to any instance.
| N | Action | Description |
|---|---|---|
| 1 | Create security group | Adding security group with specific parameters. |
| 2 | Manage Rules | Function allows to manage the rules of security group. Rule determines what traffic is allowed to the instance to which the security group is assigned. |
| 3 | Edit security group | Editing name and description of security group. |
| 4 | Delete security group | Deleting security group. |
Actions for managing security groups are available for execution in relation to one selected group - by selecting the required action in the “Actions” field of the corresponding line in the list of all security groups.
Actions can also be triggered against multiple preselected security groups. To do this, you need to mark required objects and select group action.
Features of work¶
Adding security group¶
Function is available in the general list of security groups. It is carried out by filling data in the master window:
Security group creation window¶
- Name is the name of security group in the format ASCII. This field is required;
- Description is brief information about the security group.
Completion of the creation procedure is done by pressing button «Create security group».
Managing security group rules¶
Function alows to add or remove rules in the selected security group. In the general list of groups, select “Manage rules”. After that you will be redirected to the page:
Security group rules management page¶
| Field name | Description |
|---|---|
| Direction | Direction of the rule, two types differ:
|
| Ether Type | Type of network used by the rule. |
| IP Protocol | IP protocol used. |
| Port Range | It specified when adding rule. It can have both specific port number and their range. |
| Remote IP Prefix | Remote IP Prefix. |
| Remote Security Group | Remote Security Group. |
| Description | Description of security group. |
Sort tool is available for all displayed fields. Fields are sorted in ascending and descending order.
Direct management of rules is available using the “Add Rule” and “Delete Rule” buttons located on the top panel of the page. When adding new rule, you must fill in the pop-up window and confirm the entry with the “Add” button:
Add security group rules window¶