          Virtual Private Cloud

          Security Group

          Create Security Group

          Users can create a security group in a VPC network from the console. The following rules apply when creating a security group:

          • Each default VPC can contain a maximum of 100 security groups;
          • Each common VPC can contain a maximum of 20 security groups;
          • Each BCC instance can be associated with up to 10 security groups. If a BCC instance is associated with multiple security groups, the rules that take effect on the instance are the combined set of all rules from those security groups.
          • When the security group quota is used up, the button is greyed out and no more security groups can be created;
          • When a security group is created, you can set the detailed rules on the "Ingress" and "Egress" tab pages of "Port Setting".
          • Each security group allows a maximum of 50 ingress rules and 50 egress rules.
          • Each VPC automatically creates one default security group. The default security group cannot be deleted, but its rules can be added, deleted and changed. Only the default security group provides the "One key Recovery of Initial Setting" button.

          Operation Steps

          1. Select "Product Service > Virtual Private Cloud (VPC)" to open the "VPC Instance List" page.

          2. In the left navigation bar, select "Security Group" to set the security group rules for the cloud services in the current network.

          3. Click "Create a Security Group" to open the "Create a Security Group" page.

          4. Enter the security group name and description as required.

          5. Select the port setting mode. The ingress and egress rules are set on two independent tab pages. The rule setting modes are as follows:

          • When "Allow Access to All Ports" is in the "OFF" status, select "Add Rules" to set the ingress and egress rules. When you set the rules, you can select a shortcut template on the right side for quick setup.

          • When "Allow Access to All Ports" is in the "OFF" status and no rules are added, the cloud server may fail to communicate with the outside. In that case, you can only access the cloud server remotely by VNC, so be careful when you select this option.
          • When "Allow Access to All Ports" is in the "ON" status, all service ports of the cloud server are completely exposed to the network environment. In that case, you may face certain security risks, so be careful when you select this option.

          Note:

          When a rule is added, if a security group is selected as the Source or Target, the source IP or destination IP is the intranet IP of the instances associated with that security group.

          6. Click "Confirm". The "Security Group Details" page pops up, and the security group is created.
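
          The rule-combination and quota rules listed under "Create Security Group" and the two "Allow Access to All Ports" warnings in step 5 can be checked offline before a security group is bound to an instance. The following is an added example, not Baidu Cloud code: the `Rule` and `SecurityGroup` classes are a hypothetical model of what the console shows, the switch is assumed to be one setting per group, and the sample groups are constructed.

```python
from dataclasses import dataclass, field

MAX_GROUPS_PER_INSTANCE = 10   # limit quoted on this page
MAX_RULES_PER_DIRECTION = 50   # limit quoted on this page

@dataclass(frozen=True)
class Rule:                        # hypothetical model, not a Baidu Cloud API type
    protocol: str                  # e.g. "tcp"
    ports: str                     # e.g. "443" or "8000-8080"
    peer: str                      # a CIDR, or the name of a security group

@dataclass
class SecurityGroup:               # hypothetical model of one console security group
    name: str
    allow_all_ports: bool = False  # the "Allow Access to All Ports" switch
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)

def effective_rules(groups, direction):
    """Rules in force on an instance: the union over all associated groups."""
    return {r for g in groups for r in getattr(g, direction)}

def audit_instance(groups):
    """Return sorted (code, detail) findings for the groups bound to one instance."""
    findings = set()
    if len(groups) > MAX_GROUPS_PER_INSTANCE:
        findings.add(("too-many-groups", str(len(groups))))
    for g in groups:
        if g.allow_all_ports:
            # One permissive group is enough: the union exposes every port.
            findings.add(("all-ports-exposed", g.name))
        for direction in ("ingress", "egress"):
            if len(getattr(g, direction)) > MAX_RULES_PER_DIRECTION:
                findings.add(("rule-quota-exceeded", f"{g.name}:{direction}"))
    if not any(g.allow_all_ports for g in groups):
        for direction in ("ingress", "egress"):
            if not effective_rules(groups, direction):
                # Switch OFF and no rules: the page warns only VNC access may remain.
                findings.add(("no-rules", direction))
    return sorted(findings)

# Constructed sample data.
WEB = SecurityGroup("web", ingress=[Rule("tcp", "443", "10.0.0.0/8")],
                    egress=[Rule("tcp", "443", "10.0.0.0/8")])
LEGACY = SecurityGroup("legacy", allow_all_ports=True)
EMPTY = SecurityGroup("empty")

if __name__ == "__main__":
    print(audit_instance([WEB, LEGACY]))
```

          Binding the restrictive `web` group together with `legacy` still reports `all-ports-exposed`, because the instance takes the combined rules of every associated group.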

          Edit Security Group

          Application Scenarios

          You can use this function to modify the security group rules or to change the security group name and description.

          Note:

          To guarantee system security, we recommend that users do not change the configuration of the "Default Security Group". If you need security groups with other permissions, you can create a security group and bind it to the cloud service instances.

          Relevant Rules

          Users can edit information such as the security group name, description, port settings and associated servers.

          Operation Steps

          1. Select "Product Service > Virtual Private Cloud (VPC)" to open the "VPC Instance List" page.

          2. Select "Security Group" in the left navigation bar.

          3. Click the security group name to open the details page of the security group.

          4. For the "Protocol" rule that needs to be modified, click the "Edit" button in the corresponding operation column to modify it.

          Copy Security Group

          Application Scenarios

          Users can quickly create security groups with the same rules by using the copy security group function.

          Relevant Rules

          • Users can customize the security group name.
          • Security groups cannot be copied when the security group quota reaches 20.

          Operation Steps

          1. Select "Product Service > Virtual Private Cloud (VPC)" to open the "VPC Instance List" page.

          2. Select "Security Group" in the left navigation bar to open the security group list page.

          3. Next to the "Security Group Name" to be copied, click the "Copy" button in the "Operate" column. The "Copy Security Group" dialog pops up.

          4. Click "Confirm" to copy the security group information.

          Delete Security Group

          Application Scenarios

          When a security group is no longer needed, it can be deleted.

          Relevant Rules

          Users can directly delete custom security groups that are not associated with any instance; associated security groups can be deleted only after being disassociated.

          Operation Steps

          1. Select "Product Service > Private Network VPC" to open the "VPC Instance List" page.

          2. Select "Security Group" in the left navigation bar to open the security group list page.

          3. Check the "Security Group Name" to be deleted, and click the "Delete" button.

          4. (Optional) To disassociate the cloud server instances, refer to "Disassociate Security Group" for details.

          5. For an unassociated security group, click "Confirm" to delete the security group directly.

          Note: Users can also delete security groups in batch. In the security group list, select the security groups to be deleted, and then click "Delete".

          Associate Security Group

          Application Scenarios

          After creating a security group, users must also associate it with the corresponding cloud server; only then does the cloud server apply network access control according to the security group rules. Currently, Baidu Cloud Compute (BCC) and the exclusive server DCC support associating security groups. The detailed operations below take BCC association as an example.

          Relevant Rules

          Users can check one or more instances in the BCC instance list and click the "Associate a Security Group" button to associate the selected instances with one or more security groups. If an instance is associated with multiple security groups, the BCC instance is restricted by the rules of all these security groups.

          Operation Steps

          1. Select "Product Service > Baidu Cloud Compute (BCC)" to see the cloud server list created by the user.
          2. Select the instance to be associated with the security group. When you check multiple instances, the system associates the instances in batch.
          3. Click the "Associate a Security Group" button, and the "Associate a Security Group" dialog box pops up.
          4. Select the name of the security group to be associated.
          5. Click "Confirm" to associate the cloud server instance with the security group.

          Disassociate Security Group

          Application Scenarios

          When a BCC instance needs to switch to other security groups, its association with the original security group should be cancelled. A BCC instance must be associated with at least one security group.

          Relevant Rules

          • The association between the security group and the instance should be cancelled when the security group is deleted.
          • When a BCC instance is associated with only one security group, that security group cannot be disassociated.

          Operation Steps

          1. Select "Product Service > Baidu Cloud Compute (BCC)" to open the "Instance List" page.
          2. Under "Instance Name", click the corresponding link to open the "Instance Details" tab page.
          3. Select the "Security Group" tab page and scroll down to the "List of Associated Security Groups" area.
          4. Click "Disassociate" to cancel the association between the instance and the corresponding security group.