Modify the security group rules associated with an ECS instance to ensure network security - Elastic Compute Service

Improper configurations of security group rules can result in serious security risks. You can modify rules in a security group based on your business requirements to ensure the network security of Elastic Compute Service (ECS) instances in the security group. This topic describes how to modify a security group rule in the ECS console.

Procedure

Log on to the ECS console.
In the left-side navigation pane, choose Network & Security > Security Groups.
In the top navigation bar, select the region and resource group to which the resource belongs.
Find the security group whose rules you want to modify and click Manage Rules in the Actions column.
Select the direction of security group rules.
- If the security group resides in a virtual private cloud (VPC), click the Inbound or Outbound tab.
- If the security group resides in the classic network, click the Internet Ingress, Internet Egress, Inbound, or Outbound tab.
Find the security group rule that you want to modify and click Modify in the Actions column.
- For information about security group rules, see Security group rules.
- For information about how to use security group rules, see Typical applications of security group rules.
After you modify the security group rule, click Save.
Note
The modified security group rule immediately takes effect on the ECS instances in the security group.

References

You can call an API operation with the ID of a security group rule to modify the rule.
- To modify an inbound security group rule, call the ModifySecurityGroupRule operation.
- To modify an outbound security group rule, call the ModifySecurityGroupEgressRule operation.
After you modify security group rules, you may need to monitor network traffic and network connections to ensure that the modified rules meet your business requirements and help ensure network security. For more information, see What is CloudMonitor?.