Security Groups act as a virtual firewall for your instances to control inbound and outbound traffic. Unlike traditional firewalls, security group rules are applied at the instance level, not the subnet level.

Creating a Security Group

To create a new security group in Skyline:

  1. Navigate to Network > Security Groups in the left sidebar.
  2. Click the Create Security Group button.
  3. In the dialog that appears:
    • Name: Enter a descriptive name for your security group (e.g., web-server-sg).
    • Description: Optionally, add a description to explain the group’s purpose.
  4. Click OK to create the group.

[NOTE] New security groups start with default rules that allow all outbound traffic but deny all inbound traffic. You must explicitly add rules to allow incoming connections.

Managing Security Group Rules

Once a security group is created, you need to define rules to allow traffic.

  1. In the Security Groups list, find the group you want to modify.
  2. To add a rule, click Create Rule.
    • Protocol: Select the protocol (e.g., “Custom TCP Rule”, “All ICMP”, etc.).
    • Direction: Choose “Ingress” (inbound) or “Egress” (outbound).
    • Ether Type: Select “IPv4” or “IPv6”.
    • Port Type: Choose “Port” or “Port Range” if applicable.
    • Source Port/Port Range: Enter the port or range (e.g., 80, 8000:8080).
    • Remote Type:
      • CIDR: To allow traffic from a specific IP range.
      • Security Group: To allow traffic from another security group.
    • Remote IP Prefix: Enter the CIDR (e.g., 0.0.0.0/0) if “CIDR” is selected.
    • Remote Security Group: Select the security group if “Security Group” is selected.
  3. Click OK to save the rule.

To delete a rule, select it from the list and click Delete.

Using Security Groups with Instances

You can assign security groups when launching an instance or modify them for running instances.

During Instance Creation

In the instance launch wizard, look for the Security Groups step and select the groups you want to apply.

For Existing Instances

  1. Navigate to Compute > Instances.
  2. Locate your instance and click the action menu (More ⌄).
  3. Choose Related resources.
  4. Select Manage Security Groups.
  5. Add or remove security groups as needed.
  6. Click OK.

Changes to security groups are applied immediately to all instances associated with that group.