Creating a Security Group
You can create custom security groups for use either in the public Cloud or in a specified Virtual Private Cloud (VPC). You then need to add appropriate rules to your security group according to your needs and your architecture.
Since it is recommended to use an instance for one service only, we recommend creating one security group per service, with the appropriate rules, and associating the security group with all instances dedicated to this service. You can then allow inbound and outbound flows between security groups, depending on which services need to communicate with one another, so that these rules apply to all the instances concerned.
Creating a Security Group Using Cockpit v1
Before you begin:
- Click Network/Security > Security Groups.
- Click Create.
  The CREATE SECURITY GROUP dialog box appears.
- Type the following information:
  - In the Name field, a unique name for the security group.
  - In the Description field, a description of the security group.
  - The name must be unique in your account for the public Cloud or for each VPC.
  - The name of the security group must not start with sg-.
  - Each name and description can contain between 1 and 255 characters. Allowed characters are a-z, A-Z, 0-9, spaces, and _.-:/()#,@[]+=&;\{}!$*.
  Give your security groups explicit names so that their purpose is understood more easily. You can for example use names in the application-environment-role format:
  - website-all-bastion
  - website-front-lb
  - website-middle-app
  - website-back-db
- To choose between the public Cloud and a VPC, do one of the following:
  - To create a security group for the public Cloud, leave the No VPC box checked in the VPC list.
  - To create a security group for a VPC, click the corresponding VPC in the VPC list.
- Click Create to validate.
  The security group is created and appears on the Security Groups page.
Cockpit lets you create one custom security group when launching an instance. For more information, see Creating / Launching Instances.
Creating a Security Group Using Cockpit v2-beta
Before you begin:
- In the Security Groups dashboard, click Create Security Group.
  The CREATE SECURITY GROUP dialog box appears.
- In the Name field, type a name for the security group.
  - The name must be unique in your account for the public Cloud or for each Net.
  - The name of the security group must not start with sg- or with a space character.
  - This name must contain between 1 and 255 ASCII printable characters. Accented letters are not allowed.
  Give your security groups explicit names so that their purpose is understood more easily. You can for example use names in the application-environment-role format:
  - website-all-bastion
  - website-front-lb
  - website-middle-app
  - website-back-db
- In the Description field, type a description of the security group.
  This name must contain between 1 and 255 ASCII printable characters.
- In the Net list, do one of the following:
  - To create a security group for the public Cloud, select No Net in the Net list.
  - To create a security group for a Net, select the corresponding Net in the Net list.
- Click Create.
  The security group is created.
Creating a Security Group Using OSC CLI
Before you begin:
See the CreateSecurityGroup command sample in the documentation of the OUTSCALE API.
Creating a Security Group Using AWS CLI
Before you begin:
To create a security group, use the create-security-group command following this syntax:
    $ aws ec2 create-security-group \
        --profile YOUR_PROFILE \
        --group-name my-security-group \
        --description SECURITY_GROUP_DESCRIPTION \
        --vpc-id vpc-12345678 \
        --endpoint https://fcu.eu-west-2.outscale.com
This command contains the following attributes that you need to specify:
- (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
- group-name: A unique name for the security group.
- description: A description of the security group.
  - The name must be unique in your account for the public Cloud or for each VPC.
  - The name of the security group must not start with sg-.
  - Each name and description can contain between 1 and 255 characters. Allowed characters are a-z, A-Z, 0-9, spaces, and _.-:/()#,@[]+=&;\{}!$*.
- (optional) vpc-id: The ID of the VPC you want to create the security group for. This attribute is required when creating a security group for a VPC.
- endpoint: The endpoint corresponding to the Region you want to send the request to.
The create-security-group command returns the following element:
- GroupId: The ID of the newly created security group.

    {
        "GroupId": "sg-12345678"
    }
The security group is created.
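The naming rules listed above for group-name and description can be checked locally before the request is sent. The script below is an added example, not part of the OUTSCALE documentation: it validates both fields, then passes each value to create-security-group as its own argument. The function names and the AWS_CMD and SG_ENDPOINT variables are hypothetical, and the backslash in the allowed-character list is assumed to be an escaping artifact, so "\" is rejected.

```sh
#!/bin/sh
# Added example: pre-flight checks for security group names and descriptions.
LC_ALL=C; export LC_ALL   # byte-wise length and ASCII-only ranges

# Negated bracket of the allowed characters ("]" first and "-" last are literal).
# Assumption: the backslash in the page's list is an escaping artifact, so "\" is rejected.
SG_BAD_CHAR='*[!]a-zA-Z0-9 _.:/()#,@[+=&;{}!$*-]*'

# sg_field_ok VALUE: 1 to 255 characters, all from the allowed set.
sg_field_ok() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 255 ] || return 1
    case $1 in
        $SG_BAD_CHAR) return 1 ;;
    esac
    return 0
}

# sg_name_ok NAME: field rules, and the name must not start with "sg-".
sg_name_ok() {
    sg_field_ok "$1" || return 1
    case $1 in
        sg-*) return 1 ;;
    esac
    return 0
}

# sg_create NAME DESCRIPTION [VPC_ID]: validate, then call the CLI with each
# value as its own argument. AWS_CMD and SG_ENDPOINT are hypothetical overrides.
sg_create() {
    sg_name_ok "$1" || { echo "invalid name: $1" >&2; return 2; }
    sg_field_ok "$2" || { echo "invalid description for $1" >&2; return 2; }
    if [ -n "${3:-}" ]; then
        set -- --group-name "$1" --description "$2" --vpc-id "$3"
    else
        set -- --group-name "$1" --description "$2"
    fi
    "${AWS_CMD:-aws}" ec2 create-security-group "$@" \
        --endpoint "${SG_ENDPOINT:-https://fcu.eu-west-2.outscale.com}"
}

# Constructed sample names: the page's naming scheme plus three that must fail.
for n in website-front-lb website-back-db sg-frontend 'web|front' ''; do
    if sg_name_ok "$n"; then echo "ok       '$n'"; else echo "rejected '$n'"; fi
done
```

Uniqueness of the name within the account, public Cloud or VPC cannot be checked offline; only the API response confirms it.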
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.