Default Security Group and Rules
The system creates a default security group for each account. By default, the default security group rules:
- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups.
- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group.
Figure 1 shows the default security group.
Table 1 describes the rules for the default security group.
Direction | Protocol | Port/Range | Source/Destination | Description |
---|---|---|---|---|
Outbound | All | All | Destination: 0.0.0.0/0 | Allows all outbound traffic. |
Inbound | All | All | Source: the current security group (for example, sg-xxxxx) | Allows communication among ECSs within the security group and denies all other inbound traffic (incoming data packets). |
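
The following is an added example, not code from this documentation or the platform's API: it expresses Table 1 as data, evaluates a packet against the rules, and flags inbound rules that widen the default baseline. The `Rule` structure, the function names, and the `MODIFIED` rule set are hypothetical; only the first packet of a connection is evaluated, so response traffic is not modeled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    direction: str  # "inbound" or "outbound"
    protocol: str   # "all", "tcp", "udp", ...
    ports: str      # "all", "22", or "8000-8080"
    peer: str       # CIDR block or a security group ID

SG_ID = "sg-xxxxx"  # placeholder ID, as written in Table 1

# Table 1 expressed as data.
DEFAULT_RULES = [
    Rule("outbound", "all", "all", "0.0.0.0/0"),
    Rule("inbound", "all", "all", SG_ID),
]

def _port_ok(spec, port):
    if spec == "all":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _peer_ok(spec, peer_ip, peer_groups):
    if spec.startswith("sg-"):          # group reference: match on membership
        return spec in peer_groups
    return ip_address(peer_ip) in ip_network(spec)

def allowed(rules, direction, protocol, port, peer_ip, peer_groups=()):
    """True if some rule permits the packet; unmatched traffic is denied."""
    return any(
        r.direction == direction
        and r.protocol in ("all", protocol)
        and _port_ok(r.ports, port)
        and _peer_ok(r.peer, peer_ip, peer_groups)
        for r in rules
    )

def inbound_drift(rules, sg_id=SG_ID):
    """Inbound rules that admit anything other than the group itself."""
    return [r for r in rules if r.direction == "inbound" and r.peer != sg_id]

# Constructed sample: the default rules plus an SSH rule someone added later.
MODIFIED = DEFAULT_RULES + [Rule("inbound", "tcp", "22", "0.0.0.0/0")]
```

An empty result from `inbound_drift` means the group still matches the default inbound posture; any returned rule is an exposure to review.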