The page has been translated by Gen AI.
How-to guides
You can create the Security Group service by entering essential information and selecting detailed options through the Samsung Cloud Platform Console.
Creating a Security Group
You can create and use the Security Group service through the Samsung Cloud Platform Console.
Follow these steps to create a Security Group:
Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
On the Service Home page, click the Create Security Group button. You will be navigated to the Create Security Group page.
- In the Service Information area, enter the required information.
Item RequiredDetailed Description Security Group Name Required Security Group name to create - Can use uppercase/lowercase English letters, numbers, and special characters(
-), and can enter up to 255 characters
- Can use duplicate Security Group names within a project
Log Storage Optional Select whether to store Security Group logs - Use: Store logs
- Do Not Use: Do not store logs
- Clicking Go to Security Group Logging List navigates to the Security Group Logging list page
Table. Security Group service information input items - Can use uppercase/lowercase English letters, numbers, and special characters(
NoteTo store Security Group logs, you must first create a bucket in Object Storage to store logs, and set that bucket in the Security Group Logging’s log storage.
- You can check the log storage settings in Security Group Logging. For details, refer to Security Group Logging.
- If you set up log storage, Object Storage charges for log storage will be applied.
- In the Additional Information area, enter or select the required information.
Item RequiredDetailed Description Tag Optional Add tag - Can add up to 50 tags per resource
- After clicking the Add Tag button, enter or select Key, Value values
Description Optional User additional description - Can enter up to 255 characters
Table. Security Group additional information input items
- In the Service Information area, enter the required information.
Review the entered information and click the Create button.
- When creation is complete, verify the created resource on the Security Group List page.
Viewing Security Group Detailed Information
On the Security Group List page of the Security Group menu, you can view and modify the entire resource list and detailed information.
Follow these steps to view detailed information of the Security Group:
- Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
- On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
- On the Security Group List page, click the resource for which you want to view detailed information. You will be navigated to the Security Group Detail page.
- The Security Group Detail page displays status information and additional feature information, and consists of Detailed Information, Rules, Tags, Task History tabs.
| Item | Detailed Description |
|---|---|
| Service Status | Status of Security Group
|
| Service Termination | Button to terminate the service |
Table. Security Group status information and additional features
Detailed Information
You can view detailed information of the resource selected from the Security Group List and modify information if necessary.
| Item | Detailed Description |
|---|---|
| Service | Service name |
| Resource Type | Resource type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource name |
| Resource ID | Unique resource ID in the service |
| Creator | User who created the service |
| Creation Date | Date when the service was created |
| Modifier | User who modified the service information |
| Modification Date | Date when the service information was modified |
| Security Group Name | Resource name |
| Security Group ID | Unique resource ID in the service |
| Security Group Rule Count | Rule quota for the Security Group and number of rules in use |
| Security Group Rule Count/Account | Security Group rule quota for the Account and sum of rules in use in all Security Groups of the Account |
| Description | Additional description written by the user
|
| Log Storage | Whether to store Security Group logs
|
| Applied Services | Service type, service name, and status value of services where the Security Group is applied |
Table. Security Group detailed information tab items
Rules
You can view the rule list of the resource selected from the Security Group List page and add or delete rules.
| Item | Detailed Description |
|---|---|
| Excel Download | Download button for rule batch input Excel file |
| More | Additional feature button
|
| Advanced Search | Rule advanced search button |
| Add Rule | Add rule button |
| Direction | Traffic access direction based on the server where Security Group is applied
|
| Rule ID | Unique ID value for the rule |
| Destination Address | Destination address to communicate with the server where Security Group is applied |
| Remote Security Group Name | Security Group resource name displayed when specifying the destination as a Security Group |
| Remote Security Group ID | Security Group ID displayed when specifying the destination as a Security Group |
| Service | Protocol and port |
| Description | Additional description written by the user |
| Delete | Delete rule |
Table. Security Group rules tab items
Tags
You can view, add, modify, or delete tag information for the resource selected from the Security Group List page.
| Item | Detailed Description |
|---|---|
| Tag List | Tag list
|
Table. Security Group tags tab items
Task History
You can view the task history of the resource selected from the Security Group List page.
| Item | Detailed Description |
|---|---|
| Task History List | Resource change history
|
Table. Task history tab items
Managing Security Group Resources
You can manage Security Group resources such as log storage settings, adding rules, etc.
Using Log Storage
Note
To store Security Group logs, you must first create a bucket in Object Storage to store logs, and set that bucket in the Security Group Logging’s log storage.
- You can check the log storage settings in Security Group Logging. For details, refer to Security Group Logging.
- If you set up log storage, Object Storage charges for log storage will be applied.
Follow these steps to store Security Group logs:
- Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
- On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
- On the Security Group List page, click the resource (Security Group name) to store logs. You will be navigated to the Security Group Detail page.
- Click the Edit icon on Log Storage. You will be navigated to the Modify Log Storage popup window.
- In the Modify Log Storage popup window, select Use for log storage and click the OK button.
Caution
If the log storage is not set up in Security Group Logging, you cannot set log storage to Use.
Setting Log Storage to Do Not Use
Follow these steps to stop storing Security Group logs:
- Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
- On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
- On the Security Group List page, click the resource (Security Group name) to not store logs. You will be navigated to the Security Group Detail page.
- Click the Edit icon on Log Storage. You will be navigated to the Modify Log Storage popup window.
- In the Modify Log Storage popup window, deselect Use for log storage and click the OK button.
- Review the message in the Notification popup window and click the OK button.
Caution
If you disable log storage, log storage for that service will stop, and you cannot track and manage through log analysis in case of a security incident.
Adding a Rule
Follow these steps to add a Security Group rule:
Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
On the Security Group List page, click the resource (Security Group name) to add a rule. You will be navigated to the Security Group Detail page.
On the Security Group Detail page, click the Rules tab. You will be navigated to the Rules tab page.
On the Rules tab, click the Add Rule button. You will be navigated to the Add Rule popup window.
Item RequiredDetailed Description Destination Input Method Required Set rule remote type - CIDR: Set destination address by entering IP directly
- Security Group: Set created Security Group as destination
Remote > Destination Address Required When CIDR is selected, need to enter destination IP address - Enter in CIDR (IP address/subnet mask) format
- Can enter multiple addresses up to 100 at once using
,and-.
- To use the entire IP range (ANY), enter ‘0.0.0.0/0’
- Can enter multiple addresses up to 100 at once using
Remote > Security Group Required When Security Group is selected, need to select Security Group Type Required Select protocol type to apply the rule - Select Destination Port/Type: Select protocol type
- Internet Protocol: Enter protocol number, can enter up to 100
- All: Select destination port/Type and protocol as full range, means all ports for all protocols
Type > Protocol Required Select detailed protocol for type - Select desired protocol from TCP, UDP, ICMP, input items vary depending on the selected protocol
- When selecting ICMP in protocol, can set ICMP Type
- Select frequently used Type items such as Echo from values defined in ICMP Type
- Click the Add button to add input value
- When selecting TCP/UDP in protocol, can select allowed ports such as SSH, HTTP
- When entering directly, can enter values 1 ~ 65,535, and can enter up to 100 at once using Comma(,), range(-)
- Click the Add button to add input value
- When selecting Internet Protocol in type, enter protocol number within
1 ~ 254
Direction Required Set traffic access direction based on the application target - Inbound Rule: External → Server
- Outbound Rule: Server → External
Description Optional Additional description written by the user Table. Security Group rule addition detailed itemsReview the rule to add and click the OK button.
Batch Creating Rules
Follow these steps to add multiple Security Group rules at once:
- Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
- On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
- On the Security Group List page, click the resource (Security Group name) to add rules. You will be navigated to the Security Group Detail page.
- On the Security Group Detail page, click the Rules tab. You will be navigated to the Rules tab page.
- On the Rules tab, click the Excel Download button. The rule batch input Excel file will be downloaded.
- Enter rule information in the rule batch input Excel file and save it.
- Click the More > Batch Rule Input button. The Batch Rule Input popup window will open.
- In the Batch Rule Input popup window, click Attach File to attach the created Excel file and click Upload File.
- If the attached Excel file format differs from the registration form or the file is encrypted, it cannot be uploaded.
- The maximum number of batch registration rules that can be uploaded at once is 100. If the maximum registration rule count is exceeded, it cannot be uploaded.
- If the maximum number of rules that can be registered in the Account is exceeded, the file cannot be uploaded.
- Review the details in the Rule Confirmation popup window and click the OK button.
Deleting a Rule
Follow these steps to delete a Security Group rule:
- Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
- On the Service Home page, click the Security Group menu. You will be navigated to the Security Group list page.
- On the Security Group List page, click the resource (Security Group name) to add a rule. You will be navigated to the Security Group Detail page.
- On the Security Group Detail page, click the Rules tab. You will be navigated to the Rules tab page.
- On the Rules tab, click the Delete button of the rule to delete.
Terminating Security Group
You can delete a Security Group that is not in use.
Caution
If there are resources connected to the Security Group, you cannot terminate the Security Group service. Delete all connected resources and then terminate the service.
Follow these steps to terminate the Security Group:
- Click the All Services > Networking > Security Group menu. You will be navigated to the Security Group’s Service Home page.
- On the Service Home page, click the Security Group menu. You will be navigated to the Security Group List page.
- On the Security Group List page, select the resource (Security Group name) to terminate the service and click the Terminate Service button.
- When termination is complete, verify that the resource has been deleted on the Security Group List page.