Authorize Security Group Rules

By default, a security group prevents incoming network traffic from all sources. You can modify network rules and allow incoming traffic to security groups from specified sources using the euca-authorize command.

To authorize security group rules:

  1. Use euca-authorize to authorize port 22 access to your default group.
  2. Enter the following command:
    euca-authorize -P <protocol> -p <port_number> \
    -s <CIDR_source_network> <group_name>

The following example allows all incoming SSH traffic on port 22 to access the security group mygroup. The CIDR source network, 0.0.0.0/0, refers to any source.

euca-authorize -P tcp -p 22 -s 0.0.0.0/0 mygroup
 GROUP	mygroup
 PERMISSION	mygroup	ALLOWS	tcp	22	22	FROM	CIDR

Instead of specifying a CIDR source, you can specify another security group. The following example allows access to the security group mygroup from the someothergroup security group using SSH on port 22.

euca-authorize --source-group someothergroup \
--source-group-user someotheruser -P tcp -p 22 mygroup
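
Because 0.0.0.0/0 opens a port to any source, it is worth checking which rules use it. The following is an added example, not part of the original documentation: it reads PERMISSION lines in the layout shown above and lists the rules that open a given port to 0.0.0.0/0. The function names and sample lines are constructed, and it assumes the source network is printed as the field after CIDR.

```shell
#!/bin/sh
# Added example: flag PERMISSION lines that open a port to any source.
# Assumption: lines follow the PERMISSION layout shown on this page, with
# the source network printed as the field after "CIDR".

# find_world_open PORT
# Reads PERMISSION lines on stdin and prints "group proto from-to" for each
# rule whose source is 0.0.0.0/0 and whose port range covers PORT.
find_world_open() {
    awk -v port="$1" '
        $1 == "PERMISSION" {
            a = 0; c = 0
            # Locate the markers by name so extra leading columns do not matter.
            for (i = 2; i <= NF; i++) {
                if ($i == "ALLOWS") a = i
                if ($i == "CIDR")   c = i
            }
            # Skip lines without both markers or with no value after CIDR.
            if (a < 3 || c == 0 || c == NF) next
            group = $(a - 1); proto = $(a + 1)
            lo = $(a + 2) + 0; hi = $(a + 3) + 0
            if ($(c + 1) == "0.0.0.0/0" && lo <= port + 0 && port + 0 <= hi)
                print group, proto, lo "-" hi
        }'
}

# Constructed sample input (not captured from a real cloud).
sample_permissions() {
    cat <<'EOF'
GROUP mygroup
PERMISSION mygroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION mygroup ALLOWS tcp 443 443 FROM CIDR 0.0.0.0/0
PERMISSION dbgroup ALLOWS tcp 20 25 FROM CIDR 0.0.0.0/0
PERMISSION admingroup ALLOWS tcp 22 22 FROM CIDR 192.0.2.0/24
PERMISSION oddgroup ALLOWS tcp 22 22 FROM CIDR
EOF
}

# List every rule in the sample that exposes SSH (port 22) to any source.
sample_permissions | find_world_open 22
```

The dbgroup rule is reported for port 22 because its range 20-25 covers it, while the admingroup rule is not because its source is restricted to 192.0.2.0/24.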