Security Group and Rules Reference

Creating a security group

You can create a custom security group using one of the following methods.

To create a security group

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. Choose Create security group.

  4. In the details section, do the following.

    1. Enter a name and brief description for the security group.

    2. For Datacenter, choose the Datacenter in which to create the security group. The security group can only be used in the Datacenter in which it is created.

  5. You can add security group rules now, or later, after creation. For more information about adding security group rules, see Adding rules to a security group.

  6. Click Create.

Copying a security group

You can create a new security group by creating a copy of an existing one. When you copy a security group, the copy is created with the same inbound and outbound rules as the original security group. If the original security group is in a Datacenter, the copy is created in the same Datacenter unless you specify a different one.

The copy receives a new unique security group ID and you must give it a name. You can also add a description.

You can create a copy of a security group using one of the following methods.

To copy a security group

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. Select the security group to copy and choose Actions, Copy to new security group.

  4. Specify a name and optional description, and change the Datacenter and security group rules if needed.

  5. Choose Create.

Viewing your security groups

You can view information about your security groups using one of the following methods.

To view your security groups

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. Your security groups are listed. To view the details for a specific security group, including its inbound and outbound rules, choose its ID in the Security group ID column.

Adding rules to a security group

When you add a rule to a security group, the new rule is automatically applied to any instances that are associated with the security group. There might be a short delay before the rule is applied. For more information about choosing security group rules for specific types of access, see Security group rules reference.

You can add rules to a security group using one of the following methods.

To add an inbound rule to a security group

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. In the list, select the security group and choose Actions, Edit inbound rules.

  4. Choose Add rule and do the following.

    1. For Type, choose the type of protocol to allow.

      • If you choose a custom TCP or UDP protocol, you must manually enter the port range to allow.

      • If you choose a custom ICMP protocol, you must choose the ICMP type name from Protocol, and, if applicable, the code name from Port range.

      • If you choose any other type, the protocol and port range are configured automatically.

    2. For Source, do one of the following.

      • Choose Custom and then enter an IP address in CIDR notation, a CIDR block, or another security group from which to allow inbound traffic.

      • Choose Anywhere to allow all inbound traffic of the specified protocol to reach your instance. This option automatically adds the 0.0.0.0/0 IPv4 CIDR block as an allowed source. This is acceptable for a short time in a test environment, but it's unsafe for production environments. In production, authorize only a specific IP address or range of addresses to access your instance.

        If your security group is in a Datacenter that's enabled for IPv6, this option automatically adds a second rule for IPv6 traffic (::/0).

      • Choose My IP to allow inbound traffic from only your local computer's public IPv4 address.

    3. For Description, optionally specify a brief description for the rule.

  5. Choose Preview changes, Save rules.
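
An added example, not part of the Nobus documentation: a small audit that finds inbound rules left open to Anywhere (0.0.0.0/0 or ::/0), so that a temporary test rule does not survive into production. The rule format, the field names and the allowed_ports policy are assumptions made for this sketch; the sample rules are constructed.

```python
import ipaddress

# Constructed sample rules in a hypothetical export format (not a Nobus API).
# "peer" is the source for inbound rules and the destination for outbound ones.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "tcp", "ports": "443", "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": "443", "peer": "::/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": "3306", "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": "22", "peer": "203.0.113.7/32"},
    {"direction": "inbound", "protocol": "tcp", "ports": "8000-8100", "peer": "sg-app"},
    {"direction": "outbound", "protocol": "all", "ports": "all", "peer": "0.0.0.0/0"},
]


def is_anywhere(peer):
    """True if peer is a CIDR block covering a whole address family."""
    try:
        network = ipaddress.ip_network(peer, strict=False)
    except ValueError:
        return False  # not a CIDR, e.g. a reference to another security group
    return network.prefixlen == 0


def port_range(ports):
    """Turn "all", "443" or "8000-8100" into an inclusive (low, high) pair."""
    if ports == "all":
        return 0, 65535
    low, _, high = ports.partition("-")
    return int(low), int(high or low)


def world_open_inbound(rules, allowed_ports=frozenset()):
    """Return inbound rules open to 0.0.0.0/0 or ::/0 on a port outside allowed_ports."""
    findings = []
    for rule in rules:
        if rule["direction"] != "inbound" or not is_anywhere(rule["peer"]):
            continue
        low, high = port_range(rule["ports"])
        if all(port in allowed_ports for port in range(low, high + 1)):
            continue  # every exposed port is one the policy accepts as public
        findings.append((rule["protocol"], rule["ports"], rule["peer"]))
    return findings


if __name__ == "__main__":
    for finding in world_open_inbound(SAMPLE_RULES, allowed_ports={80, 443}):
        print("world-open inbound rule:", finding)
```

With the default empty allowed_ports, every Anywhere inbound rule is reported, including the IPv6 twin that the console adds automatically.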

To add an outbound rule to a security group

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. In the list, select the security group and choose Actions, Edit outbound rules.

  4. Choose Add rule and do the following.

    1. For Type, choose the type of protocol to allow.

      • If you choose a custom TCP or UDP protocol, you must manually enter the port range to allow.

      • If you choose a custom ICMP protocol, you must choose the ICMP type name from Protocol, and, if applicable, the code name from Port range.

      • If you choose any other type, the protocol and port range are configured automatically.

    2. For Destination, do one of the following.

      • Choose Custom and then enter an IP address in CIDR notation, a CIDR block, or another security group for which to allow outbound traffic.

      • Choose Anywhere to allow outbound traffic to all IP addresses. This option automatically adds the 0.0.0.0/0 IPv4 CIDR block as an allowed destination.

        If your security group is in a Datacenter that's enabled for IPv6, this option automatically adds a second rule for IPv6 traffic (::/0).

      • Choose My IP to allow outbound traffic only to your local computer's public IPv4 address.

    3. For Description, optionally specify a brief description for the rule.

  5. Choose Preview changes, Confirm.

Updating security group rules

You can update a security group rule using one of the following methods.

When you modify the protocol, port range, or source or destination of an existing security group rule using the console, the console deletes the existing rule and adds a new one for you.

To update a security group rule

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. Select the security group to update, choose Actions, and then choose Edit inbound rules to update a rule for inbound traffic or Edit outbound rules to update a rule for outbound traffic.

  4. Update the rule as required and then choose Preview changes, Confirm.

Deleting rules from a security group

When you delete a rule from a security group, the change is automatically applied to any instances associated with the security group.

You can delete rules from a security group using one of the following methods.

To delete a security group rule

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. Select the security group to update, choose Actions, and then choose Edit inbound rules to remove an inbound rule or Edit outbound rules to remove an outbound rule.

  4. Choose the remove button to the right of the rule to delete.

  5. Choose Preview changes, Confirm.

Deleting a security group

You can't delete a security group that is associated with an instance. You can't delete the default security group. You can't delete a security group that is referenced by a rule in another security group in the same Datacenter. If your security group is referenced by one of its own rules, you must delete the rule before you can delete the security group.

To delete a security group

  1. Open the Nobus Console.

  2. In the navigation pane, go to Project > Network > Security Groups.

  3. Select the security group to delete and choose Actions, Delete security group, Delete.
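
An added example, not part of the Nobus documentation: a pre-flight check that applies the four deletion restrictions above to an inventory of security groups and reports what has to be cleaned up first. The inventory format, field names and group IDs are assumptions made for this sketch; the sample data is constructed.

```python
# Constructed inventory in a hypothetical format (not a Nobus API).
# A rule's "peer" is either a CIDR block or the ID of another security group.
SAMPLE_GROUPS = {
    "sg-default": {"datacenter": "dc-1", "default": True, "instances": [], "rules": []},
    "sg-web": {"datacenter": "dc-1", "default": False, "instances": ["vm-17"],
               "rules": [{"peer": "0.0.0.0/0"}]},
    "sg-db": {"datacenter": "dc-1", "default": False, "instances": [],
              "rules": [{"peer": "sg-app"}, {"peer": "sg-db"}]},
    "sg-app": {"datacenter": "dc-1", "default": False, "instances": [],
               "rules": [{"peer": "203.0.113.0/24"}]},
    "sg-old": {"datacenter": "dc-2", "default": False, "instances": [],
               "rules": [{"peer": "198.51.100.0/24"}]},
}


def deletion_blockers(sg_id, groups):
    """Return the reasons sg_id cannot be deleted yet; an empty list means it can."""
    target = groups[sg_id]
    blockers = []
    if target["default"]:
        blockers.append("default security group")
    if target["instances"]:
        blockers.append("associated with instances: " + ", ".join(target["instances"]))
    for other_id, other in groups.items():
        # Only references from groups in the same Datacenter block deletion.
        if other["datacenter"] != target["datacenter"]:
            continue
        if not any(rule["peer"] == sg_id for rule in other["rules"]):
            continue
        if other_id == sg_id:
            blockers.append("referenced by one of its own rules")
        else:
            blockers.append("referenced by a rule in " + other_id)
    return blockers


if __name__ == "__main__":
    for sg_id in SAMPLE_GROUPS:
        reasons = deletion_blockers(sg_id, SAMPLE_GROUPS)
        print(sg_id, "->", "can be deleted" if not reasons else "; ".join(reasons))
```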

Security group rules reference

You can create a security group and add rules that reflect the role of the instance that's associated with the security group. For example, an instance that's configured as a web server needs security group rules that allow inbound HTTP and HTTPS access. Likewise, a database instance needs rules that allow access for the type of database, such as access over port 3306 for MySQL.

The following are examples of the kinds of rules that you can add to security groups for specific kinds of access.

Examples of Security Group Rules