...

There is a default security group that cannot be deleted; however, rules can be added to and removed from it. Additional security groups can also be created as needed. When a new Rapid Access Cloud account is created, the default security group has four rules. Egress traffic, going out from the instance, is permitted by default. Ingress traffic, going in to the instance, is denied by default, since the ingress rules do not specify any network, as seen in the Remote IP Prefix. Thus, a few rules are required to permit basic access.


Warning: Use Rational Security Groups

We strongly advise against highly permissive security groups. Allowing access from any source (i.e. 0.0.0.0/0 or ::/0) means that anyone in the world can access your instance. We advise limiting the traffic to your instance to the smallest possible CIDR.

Allowing access to all ports (port range 1 : 65535) means that anyone from the allowed CIDR can access all services on your instance - even services which should only be internal.

For best practices, please read this informative blog on OpenStack Security.
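
The two checks in the warning above can be automated. The following is an added example, not part of the original documentation: it audits rules expressed with the field names of the OpenStack Networking (Neutron) security group rule resource, and the rule ids, addresses and the finding labels "any-source" and "all-ports" are constructed for illustration.

```python
import ipaddress

# Constructed sample rules; the keys follow the Neutron security group rule
# resource, the values are made up for this example.
SAMPLE_RULES = [
    {"id": "rule-a", "direction": "egress", "protocol": None,
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "rule-b", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "rule-c", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 1, "port_range_max": 65535, "remote_ip_prefix": "203.0.113.0/24"},
    {"id": "rule-d", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 443, "port_range_max": 443, "remote_ip_prefix": "203.0.113.10/32"},
    {"id": "rule-e", "direction": "ingress", "protocol": "udp",
     "port_range_min": None, "port_range_max": None, "remote_ip_prefix": "::/0"},
]


def audit_rule(rule):
    """Return the findings for one rule (empty list if it passes)."""
    findings = []
    # Assumption: only ingress rules scoped by a CIDR are in scope here.
    if rule.get("direction") != "ingress" or not rule.get("remote_ip_prefix"):
        return findings
    net = ipaddress.ip_network(rule["remote_ip_prefix"], strict=False)
    if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
        findings.append("any-source")
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if rule.get("protocol") in ("tcp", "udp"):
        # Neutron treats an omitted TCP/UDP port range as "all ports".
        unset = lo is None and hi is None
        full = lo is not None and hi is not None and lo <= 1 and hi >= 65535
        if unset or full:
            findings.append("all-ports")
    return findings


def audit(rules):
    """Map rule id -> findings for every rule with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["id"]] = findings
    return report


if __name__ == "__main__":
    for rule_id, findings in audit(SAMPLE_RULES).items():
        print(rule_id, ", ".join(findings))
```
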

...