A security group is a virtual firewall that features stateful data packet filtering. It is used to configure the network access control of CVM, Cloud Load Balancer, TencentDB, and other instances while controlling their outbound and inbound traffic. It is an important means of network security isolation.
You can configure security group rules to allow or reject inbound and outbound traffic of instances within the security group.
For more information on the use limits and the quotas of security groups, please see security group limits in Use Limits Overview.
A security group rule consists of the following components:
An instance can be bound to one or multiple security groups. When it is bound to multiple security groups, the security group rules will be matched sequentially from top to bottom. You can adjust the priorities of security groups at any time.
When creating a security group, you can select one of the two security group templates provided by Tencent Cloud:
- If these templates cannot meet your actual needs, you can create custom security groups. For more information, see Creating a Security Group and Security Group Use Cases.
- If you need to protect the application layer (HTTP/HTTPS), you can purchase a Tencent Cloud Web Application Firewall (WAF). WAF protects web security at the application layer against web vulnerabilities, malicious crawlers, and CC attacks, helping protect your websites and web applications.
The following figure shows you how to use a security group: