You can use security group rules to control the access to public or internal networks of the ECS instances in a security group. To add security group rules, perform the steps on this procedure.


  • Ensure that you have created a security group. For more information, see Create a Security Group.
  • Ensure that you know which internal or public network requests need to be allowed or denied for your instance.


  1. Click Create Rules Now.
    The Security Group page appears.
  2. Click Add Security Group Rule.
    The Add Security Group Rule dialog box appears.
  3. From the Rule Direction drop-down menu, select Inbound.
    By default, all Outbound traffic is allowed.
  4. From the Action drop-down menu, select Allow.
  5. To allow inbound connectivity to your Edge, select Protocol Type and Port Range.
    The port range is based on the protocol type. The following are some of the examples:
    • VCMP: UDP port 2426
    • SSH: TCP port 22
    • SNMP UDP port 161
    • ICMP Request/Reply
  6. Select Authorization Type and Authorization Objects.
    The authorized IP address is based on the authorization type. For example, for IPv4 CIDR block, specifying will allow or deny all IP addresses, based on the authorization policy.
  7. Click OK.


Click the refresh icon to confirm that the security group rule is added. Changes to security group rules are automatically applied to Elastic Compute Service (ECS) instances in the security group.