Security groups act as virtual firewalls and provide Stateful Packet Inspection (SPI) and packet filtering capabilities. You can use security groups to define security domains in the cloud. You can add security group rules to control inbound and outbound traffic for elastic container instances within security groups.
Introduction to security groups
A security group is a logically isolated group of instances that reside in the same virtual private cloud (VPC). All instances in a security group are mutually trusted and protected under the same security group rules. Security group rules control access to or from the Internet or internal network for the elastic container instances in the security group. For more information about security groups, see Overview.
Each security group can manage multiple elastic container instances within the same VPC.
Each elastic container instance must belong to a security group.
Security groups are classified into basic security groups and advanced security groups. If your business requires a large number of elastic container instances and high O&M efficiency, we recommend that you use advanced security groups. Compared with basic security groups, advanced security groups can accommodate more elastic container instances and make it easier to configure security group rules. For more information about the differences between the two types of security groups, see Basic security groups and advanced security groups.
Specify a security group
When you create an elastic container instance, you must assign a security group to it. Assigning the security group adds the instance to that security group. For information about how to create a security group, see Create a security group.
You cannot change the security group of an existing elastic container instance. To use an elastic container instance that belongs to a different security group, create an identical elastic container instance in that security group.
OpenAPI
When you call the CreateContainerGroup operation to create an elastic container instance, you can use the SecurityGroupId parameter to specify a security group. The following table describes the SecurityGroupId parameter. For more information, see CreateContainerGroup.
| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| SecurityGroupId | String | sg-uf66jeqopgqa9hdn**** | The ID of the security group. |
Console mode
When you create an elastic container instance on the buy page in the Elastic Container Instance console, you must specify a security group for the instance.
Add a security group rule
You can add rules to a security group to control access to the elastic container instances in that security group. Examples:
If the elastic container instance needs to communicate with a service outside the security group, you can add a security group rule to implement service interconnection.
When attacks from specific request sources are detected, you can add a security group rule to block access from those sources.
For more information, see Add a security group rule.