Create and manage security group

A security group controls traffic for a connected network interface based on defined inbound and outbound rules. The following describes how to create and manage security groups in the VPC service.

Permissions

Based on the Role-Based Access Control (RBAC) with IAM, and all users can create and manage security groups.
You can check your IAM roles in KakaoCloud Console > Profile(Top Right) > Account info > IAM roles tab.
Security group rules are not applied to Bare Metal Server (BMS) instances, even if a security group is assigned. This feature will be supported in the future.

Create security group

You can create and attach a new security group to the network interface connected to your instance instead of the default security group. Generally, at least one security group must be configured for a network interface.

Go to KakaoCloud Console > Beyond Compute Service > VPC.
Click the Security Group menu, then click the [Create security group] button.
In the pop-up window, enter the required information.

Create security group

Category Description
Security group name Name of the security group
Description (Optional) Description of the security group
Applied policy Settings for inbound and outbound rules

Category	Description
Security group name	Name of the security group
Description (Optional)	Description of the security group
Applied policy	Settings for inbound and outbound rules

Click Add in the Inbound rules tab, then enter the required information.

Inbound rules

Category	Description
Protocol	Protocol for communication - Types: TCP / UDP / ICMP / ALL
Source	Allowable source IP or specify a security group using `@`
Port number	Port for communication - Enter the port number to allow (e.g. 80) - Enter the start and end of the range of ports to allow (e.g. 1000-2000)
Description (Optional)	Description of the policy

Click Add in the Outbound rules tab, and enter the required information for the outbound policy to register.

Outbound rules

Category	Description
Protocol	Protocol for communication - Types: TCP / UDP / ICMP / ALL
Destination	Desired destination IP or specify a security group using `@`
Port number	Port for communication - Enter the port number to allow (e.g. 80) - Enter the start and end of the range of ports to allow (e.g. 1000-2000)
Description (Optional)	Description of the policy

Click the [Create] button.

Manage security group

View security group list

To view a list of created security groups and their basic details.

Go to KakaoCloud Console > Beyond Compute Service > VPC

Click the Security Group menu, then view the currently created security groups.

Category	Description
Security group	Name of the security group
Created at	Creation date of the security group
[More] icon	Modify security group: Change the name and description of the security group Modify association: Manage instances and network interface connections Copy security group: Copy the security group Delete security group: Delete the security group

View security group details

View the details of a security group.

Go to KakaoCloud Console > Beyond Compute Service > VPC
Click the Security Group menu, then select a security group.
Check the information on the detailed page of the selected security group.

Copy security group

You can create a new security group by creating a copy of an existing one. When you copy a security group, the copy is created with the same inbound and outbound rules as the original security group.

Go to KakaoCloud Console > Beyond Compute Service > VPC
Click the Security Group menu, then select [More] icon > Copy security group.
In the pop-up window, enter the required information for the security group and inbound/outbound rules, then click the [Copy] button.

Delete security group

Remove unnecessary security groups, noting that the default security group cannot be deleted.

Go to KakaoCloud Console > Beyond Compute Service > VPC
In the Security Group menu, select [More] icon > Delete security group.
In the Delete security group pop-up window, enter the required information and click the [Delete] button.

Modify association

You can connect or manage resources such as instances to a security group.

Go to KakaoCloud Console > Beyond Compute Service > VPC
Click the Security Group menu, then click the [Modify association] button.
In the Modify association pop-up window, select/deselect instances and click the [Apply] button.

Modify policy

You can manage inbound and outbound rules of a security group.

Policy	Description
Inbound	Manages rules for protocol/port/IP CIDR ranges to allow packets entering resources linked to the security group
Outbound	Manages rules for protocol/port/IP CIDR ranges to allow packets leaving resources linked to the security group

Go to KakaoCloud Console > Beyond Compute Service > VPC
Click the Security Group menu, then select a security group.
Click the [Manage inbound rules] button in the Inbound rules tab or the [Manage Outbound Policy] button in the Outbound rules tab.
In the pop-up window, click Add to add inbound/outbound rules of the security group, and click the [Close] button.

Create security group​

Manage security group​

View security group list​

View security group details​

Copy security group​

Delete security group​

Modify association​

Modify policy​