
Managing Security Group Rules

Security group rules define what traffic is allowed to and from your instances: a rule permits the traffic it matches, and anything no rule matches is dropped. This guide explains how to manage these rules effectively.

Understanding Rule Components

Each security group rule consists of:

  • Direction: Inbound (ingress) or Outbound (egress)
  • Protocol: TCP, UDP, ICMP, or All
  • Port Range: Single port or range of ports
  • Source/Destination: IP range (CIDR) or another security group (a group reference matches whichever instances are currently members of that group, so it does not need updating when their addresses change)
  • Description: Optional text explaining the rule's purpose

Adding Rules

  1. Navigate to the security group details page
  2. Click Add Rule
  3. Select the rule direction (Inbound or Outbound)
  4. Choose the protocol type
  5. Specify the port range
  6. Set the source/destination
  7. Add a description (recommended)
  8. Click Add Rule to save

Rule Configuration Examples

Inbound Rules

Web Access
- Direction: Inbound
- Protocol: TCP
- Port Range: 80 and 443, as two separate rules
- Source: 0.0.0.0/0
- Description: Allow HTTP/HTTPS from anywhere

A rule's port range is a single port or one contiguous span, so a list such as 80,443 cannot be entered in one rule. Do not enter 80-443 instead: that would also expose every port between them.

SSH Access
- Direction: Inbound
- Protocol: TCP
- Port Range: 22
- Source: Your office IP range (a specific CIDR, never 0.0.0.0/0)
- Description: Allow SSH from office

Database Access
- Direction: Inbound
- Protocol: TCP
- Port Range: 3306
- Source: Web server security group
- Description: Allow MySQL from web servers

Outbound Rules

General Internet Access
- Direction: Outbound
- Protocol: All
- Port Range: All
- Destination: 0.0.0.0/0
- Description: Allow all outbound traffic

This is the most permissive outbound rule: it also lets a compromised instance reach any address on the internet. Where an instance only needs known destinations, such as the database and SMTP rules below, use those specific rules and leave this one out.

Database Server Access
- Direction: Outbound
- Protocol: TCP
- Port Range: 5432
- Destination: Database security group
- Description: Allow PostgreSQL connections to DB servers

This rule only restricts anything if the group does not also carry an allow-all outbound rule; with both present, the allow-all rule already permits this traffic.

Email (SMTP) Access
- Direction: Outbound
- Protocol: TCP
- Port Range: 587
- Destination: 0.0.0.0/0
- Description: Allow email sending via SMTP

Modifying Rules

  1. Find the rule you want to modify
  2. Click the Edit button (pencil icon)
  3. Make your changes
  4. Click Save to apply the modifications

Deleting Rules

  1. Locate the rule you want to remove
  2. Click the Delete button (trash icon)
  3. Confirm the deletion

Troubleshooting Common Issues

Connection Problems

If instances can't communicate:

  1. Verify the flow is allowed at both ends: an outbound rule on the source instance's security group and an inbound rule on the destination instance's security group, each covering the port in use
  2. Check that the rules allow the correct protocol (a TCP rule does not permit UDP or ICMP traffic on the same port)
  3. Confirm IP ranges are correct and that security group references point at the group the other instance actually belongs to
  4. Check whether the rules were changed recently, and compare them against the configuration you intended
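The following script is an added example, not code or an API of the platform documented here. It models the rule components described above, loads the web and database groups from the configuration examples as constructed sample data, and then does two things a practitioner wants when a connection fails: it walks the troubleshooting steps for a given flow (source group's outbound rules, destination group's inbound rules, group references resolved to current members) and it lints a group for rules that are broader than intended (a port list typed as a range, SSH open to the world, unrestricted egress). Group names, member addresses and the list of sensitive ports are assumptions of the example.

```python
"""Rule model, connectivity checker and linter for security-group rules.

Added example, not the platform's own code. Group names, member IPs and
the rule sets below are constructed sample data mirroring this guide."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

ANY_IPV4 = "0.0.0.0/0"
# Assumption for this example: ports that should never face 0.0.0.0/0.
SENSITIVE_PORTS = {22, 3389, 3306, 5432}


@dataclass(frozen=True)
class Rule:
    direction: str            # "inbound" or "outbound"
    protocol: str             # "tcp", "udp", "icmp" or "all"
    port_from: Optional[int]  # None = all ports (protocol "all" or "icmp")
    port_to: Optional[int]
    peer: str                 # a CIDR, or the name of another security group
    description: str = ""

    def covers(self, proto: str, port: int) -> bool:
        if self.protocol not in ("all", proto):
            return False
        return self.port_from is None or self.port_from <= port <= self.port_to


@dataclass
class SecurityGroup:
    name: str
    rules: List[Rule] = field(default_factory=list)
    members: List[str] = field(default_factory=list)  # instance IPs in the group


def peer_matches(peer: str, ip: str, groups: dict) -> bool:
    """A group reference matches the current members of that group;
    a CIDR matches by address."""
    if peer in groups:
        return ip in groups[peer].members
    return ipaddress.ip_address(ip) in ipaddress.ip_network(peer, strict=False)


def matching_rules(rules, direction, proto, port, ip, groups):
    return [r for r in rules if r.direction == direction
            and r.covers(proto, port) and peer_matches(r.peer, ip, groups)]


def check_flow(groups, src_group, src_ip, dst_group, dst_ip, proto, port):
    """Return the reasons a flow is blocked (empty list = allowed). The source
    group needs an outbound rule (skipped when src_group is None, i.e. an
    external client) and the destination group needs an inbound rule."""
    problems = []
    if src_group is not None and not matching_rules(
            groups[src_group].rules, "outbound", proto, port, dst_ip, groups):
        problems.append(f"{src_group}: no outbound rule allows {proto}/{port} to {dst_ip}")
    if not matching_rules(groups[dst_group].rules, "inbound", proto, port, src_ip, groups):
        problems.append(f"{dst_group}: no inbound rule allows {proto}/{port} from {src_ip}")
    return problems


def lint(group: SecurityGroup) -> List[str]:
    """Flag rules that expose more than the examples in this guide intend."""
    findings = []
    for r in group.rules:
        if r.peer != ANY_IPV4:
            continue
        if r.direction == "outbound" and r.protocol == "all":
            findings.append(f"{group.name}: unrestricted egress ({r.description!r})")
        elif r.direction == "inbound":
            if r.port_from is None:
                findings.append(f"{group.name}: all {r.protocol} ports open to the world")
            else:
                exposed = SENSITIVE_PORTS & set(range(r.port_from, r.port_to + 1))
                if exposed:
                    findings.append(f"{group.name}: port(s) {sorted(exposed)} open to the world")
                if r.port_to - r.port_from > 100:  # e.g. "80,443" entered as 80-443
                    findings.append(f"{group.name}: wide range {r.port_from}-{r.port_to} open to the world")
    return findings


def sample_groups() -> dict:
    """The web and database groups from this guide (MySQL on both sides)."""
    web = SecurityGroup("web", members=["10.0.1.10"], rules=[
        Rule("inbound", "tcp", 80, 80, ANY_IPV4, "Allow HTTP from anywhere"),
        Rule("inbound", "tcp", 443, 443, ANY_IPV4, "Allow HTTPS from anywhere"),
        Rule("inbound", "tcp", 22, 22, "203.0.113.0/24", "Allow SSH from office"),
        Rule("outbound", "tcp", 3306, 3306, "db", "Allow MySQL to DB servers"),
    ])
    db = SecurityGroup("db", members=["10.0.2.20"], rules=[
        Rule("inbound", "tcp", 3306, 3306, "web", "Allow MySQL from web servers"),
    ])
    return {"web": web, "db": db}


def risky_group() -> SecurityGroup:
    """Three mistakes the linter should catch."""
    return SecurityGroup("risky", rules=[
        Rule("inbound", "tcp", 80, 443, ANY_IPV4, "HTTP/HTTPS, typed as one range"),
        Rule("inbound", "tcp", 22, 22, ANY_IPV4, "Allow SSH from anywhere"),
        Rule("outbound", "all", None, None, ANY_IPV4, "Allow all outbound traffic"),
    ])


if __name__ == "__main__":
    g = sample_groups()
    print(check_flow(g, "web", "10.0.1.10", "db", "10.0.2.20", "tcp", 3306))  # []
    print(check_flow(g, "db", "10.0.2.20", "web", "10.0.1.10", "tcp", 22))    # two problems
    print(lint(risky_group()))                                                 # three findings
```

Running the checker for the reverse direction (database server to web server on port 22) reports two problems, which is exactly the troubleshooting sequence: the db group has no outbound rule, and the web group's SSH rule only accepts the office CIDR. Resolving a group reference through the group's member list, rather than comparing addresses, is what makes step 3 above meaningful: an instance that was removed from the web group stops matching even though its IP has not changed.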