Learn how to create a security group and configure it on a Public Cloud instance.
For security reasons, you can configure and use filtering rules that will define access to your instances. You can allow or block certain incoming or outgoing connections using security groups. These rules can be applied for traffic from certain IP addresses, or even for instances configured on particular security groups.
Requirements
- a Public Cloud project
- access to the Horizon interface
Instructions
Step 1: Creating a security group
Access the Horizon interface. Then choose the region in which you want to create a security group, via the button in the top left-hand corner.
Now expand the Network menu and click Security Groups.
A table lists the security groups created. The default group is already listed here. This will allow all incoming and outgoing traffic to pass through.
Automated tasks on the infrastructure can reset the default security group, so it is important not to change it.
OpenStack closes all access to instances by default. If you delete the "default" security group, you will need to create your own group, which will open access to your instances, and apply it every time you create an instance. In addition, the default group will be created again later by the automated tasks on the infrastructure.
To add a new security group, click the + Create Security Group button.
On the page that appears, give a name and description to the group you are about to create. Once you have done this, click the Create Security Group button.
Returning to the Security Groups tab, the table now displays the newly created group. Rules are configured by default. These allow only outgoing traffic to pass.
If you would like to modify these, go to the next step.
If you are satisfied with these rules, go to Step 3: Configure a security group on your instance.
Step 2: Configuring security group rules
Click the Manage Rules button.
If you have left the default rules on your security group, they will only let outgoing traffic pass through.
root@server:~$ ssh admin@149.xxx.xxx.177 ssh connect to host 149.xxx.xxx.177 port 22: Connection timed out
On the rules management page, you can:
- delete an existing rule: Use the
Delete Rulebutton. - add a new rule: use the
+ Add Rulebutton.
When you add a rule, you will need to fill in the information requested, and then click Add.
In our example, we will authorize the SSH connection to the instance.
Once you have added the new rule, wait a few minutes for it to take effect.
root@server:~$ ssh admin@149.xxx.xxx.177 Last login: Tue Oct 13 13:56:30 2015 from proxy-109-190-254-35.ovh.us admin@server1:~$
Configuring a security group on an instance
From the Horizon interface, expand the Compute menu and select Instances. From this page, create a new instance via the Launch Instance button.
When you create your instance, you can choose the new security group created in the previous step via the Security Groups menu.
You can apply a new security group to an instance that has already been created by clicking Edit Security Groups to the right of the instance.
Deleting a security group
To delete a security group, select it by ticking the corresponding box on the left, then click Delete Security Groups.
Go further
For more information and tutorials, please see our other Public Cloud support guides or explore the guides for other OVHcloud products and services.