Security Groups
A Security Group defines inbound and outbound traffic rules for resources like VMs.
Acts like a virtual firewall
Created at the VPC level, but attached to a VM
Continuing the analogy of a VPC as a neighborhood, imagine putting a security guard in front of each house (a VM in this case) who decides who may enter or leave the house; that is exactly what a security group does. The simplest use of security groups is to allow inbound and outbound traffic through specific ports (port 22, 8080, etc.).
Please note that port 22 (the SSH protocol) must be enabled if you want to SSH into the VMs.
Creating a Security Group
Navigate to Networking > Security Groups
Click "Create Security Group"
Fill in:
Name
Description
VPC (required)
Define Inbound Rules:
Protocol
Port Range
Based on the selected protocols, the standard defined port ranges will be auto-selected
You can skip the protocol and just mention the port ranges
All port ranges should be given as a comma-separated list, e.g. 22, 80, 8080, 1205-1250
You can define as many ports as you want, unless a protocol is selected
Remote IP Prefix
Define Outbound Rules (similar)
If no rules are defined, then by default all traffic is allowed in through the security group
Click "Create Security Group"
Editing a Security Group
Click the three-dot menu > Edit
Name and VPC are not editable
All other fields (description, rules) can be changed
You can define new rules or edit existing rules or delete existing rules
Save changes
Deleting a Security Group
Click the three-dot menu > Delete
Confirm deletion in the pop-up
Upon confirmation, the security group is deleted
Billing and Pricing
All security groups are free and are not chargeable.
Protocols & Standard Port Ranges
| Protocol | Port(s) | Direction | Use Case |
|---|---|---|---|
| All | 0-65535 | Inbound/Outbound | Allows all traffic. Use with caution. |
| TCP | 0-65535 (customizable) | Inbound/Outbound | Reliable communication (used by HTTP, SSH, RDP, etc.) |
| UDP | 0-65535 (customizable) | Inbound/Outbound | Fast, connectionless (used by DNS, NTP, video/audio streaming) |
| DNS | UDP 53 / TCP 53 | Both | Domain name resolution |
| HTTP | TCP 80 | Inbound | Unencrypted web traffic |
| HTTPS | TCP 443 | Inbound | Encrypted web traffic |
| ICMP | N/A (uses Type/Code) | Both | Used for ping, traceroute |
| FTP | TCP 20 (data), 21 (control) | Inbound | File transfer protocol |
| SSH | TCP 22 | Inbound | Secure shell remote login |
| IMAP | TCP 143 | Inbound | Email retrieval |
| IMAPS | TCP 993 | Inbound | Secure email retrieval |
| LDAP | TCP 389 | Inbound | Directory services |
| MSSQL | TCP 1433 | Inbound | Microsoft SQL Server |
| MYSQL | TCP 3306 | Inbound | MySQL database |
| POP3 | TCP 110 | Inbound | Email retrieval (older protocol) |
| POP3S | TCP 995 | Inbound | Secure version of POP3 |
| RDP | TCP 3389 | Inbound | Remote Desktop Protocol (Windows) |
| SMTP | TCP 25 | Inbound/Outbound | Email sending (often blocked by ISPs) |
| SMTPS | TCP 465 | Inbound | Secure SMTP |
Notes:
All: Opens all ports/protocols – best avoided unless debugging in a secure environment.
ICMP: Doesn’t use ports. Controlled by ICMP types like Echo Request (type 8), Echo Reply (type 0).
Custom Rules: You can specify any protocol and port range manually using TCP/UDP.
Ports above 1024 are generally considered ephemeral or for custom application use.
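The following is an added example, not part of the platform's own tooling: it parses the comma-separated port list format described under Define Inbound Rules and flags inbound rules that expose all ports or the remote-login and database ports from the table above to any source address. The function names, the sample rules and the choice of which ports count as sensitive are assumptions made for illustration.

```python
import ipaddress

# Remote-login, directory and database ports taken from the protocol table
# above. Treating these as "sensitive" is an assumption of this example.
SENSITIVE_PORTS = {22: "SSH", 389: "LDAP", 1433: "MSSQL", 3306: "MySQL", 3389: "RDP"}

def parse_port_list(text):
    """Parse '22, 80, 8080, 1205-1250' into a sorted list of (low, high) tuples."""
    ranges = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty entry in port list")
        low, sep, high = item.partition("-")
        low = int(low)                      # raises ValueError on non-numeric input
        high = int(high) if sep else low    # a single port is a one-element range
        if not (0 <= low <= high <= 65535):
            raise ValueError(f"invalid port range: {item!r}")
        ranges.append((low, high))
    return sorted(ranges)

def audit_inbound_rule(ports, remote_ip_prefix):
    """Return findings for an inbound rule whose Remote IP Prefix matches any address."""
    net = ipaddress.ip_network(remote_ip_prefix, strict=False)
    if net.prefixlen != 0:
        return []  # rule is restricted to a specific prefix
    findings = []
    for low, high in parse_port_list(ports):
        if (low, high) == (0, 65535):
            findings.append("all ports open to any source")
            continue
        for port, name in sorted(SENSITIVE_PORTS.items()):
            if low <= port <= high:
                findings.append(f"{name} ({port}) open to any source")
    return findings

# Constructed sample rules (ports, Remote IP Prefix); not taken from the page.
SAMPLE_RULES = [
    ("22, 80, 8080, 1205-1250", "0.0.0.0/0"),
    ("22", "203.0.113.0/24"),
    ("0-65535", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for ports, prefix in SAMPLE_RULES:
        print(ports, prefix, audit_inbound_rule(ports, prefix))
```

Running a check like this over rules before saving them catches a port list that silently includes SSH or a database port while the Remote IP Prefix is left open to every address.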