Avi Load Balancer manages the creation, modification, and deletion of security groups (SG) in Amazon Web Services (AWS). This topic discusses how to use security groups on the Avi Load Balancer to achieve additional flexibility and security in AWS cloud deployments.

By default, the Avi Load Balancer creates one security group (SG) per SE on AWS. This SG manages the ingress/egress rules for the SE’s management and data plane traffic. In certain customer environments, it may be required to provide custom SGs to be associated with the SEs management and or data plane vNICs.

For more information on the recommended security groups for AWS deployment, see Recommended Security Group Rules for AWS Deployment.