Note: Please go to to access the current RightScale documentation set. Also, feel free to Chat with us!
Home > Reference Info > Dashboard Help Text > Security_groups


Table of Contents


Creates a new Security Group. Requires the 'security_manager' user role privilege. You will be prompted for the following information:

  • Name - Name of the Security Group.
  • Description - Description of the Security Group.

Click the Create action button when ready. Once created, the Security Group show page is presented where you can specify inbound (ingress) security rules for your Security Group. The default posture is to deny all access. Rules must be added in order to enable inbound traffic to any instance using the Security Group.

Clouds > Cloud > Security Groups > New


Security Groups are essentially firewalls for instances in the Cloud. It defines which ports are opened in the cloud infrastructure's firewall to allow incoming connections to your instance. (All Security Group rules are ingress.) When you launch an instance in the cloud, you must assign a Security Group (or Security Groups) to it.


  • Name - Name of the Security Group. The name will be used in various drop down menus when selecting the Security Group. For example, when launching a new instance.
  • Created by - RightScale user that created the Security Group. For example, or "- unknown -" if the user could not be determined.
  • Resource UID - Resource Unique IDentifier for the Security Group. Each resource (or entity) in the Dashboard has a unique ID tied to it. Whether the ID is numeric or alphanumeric varies depending on the cloud infrastructure. The Resource UID is generated and persistent in the Cloud. The value is initially retrieved from the Cloud, set in the database, and retrieved/displayed in many areas of the Dashboard (tied to the specific cloud resource).


Note: Only accounts with the 'security_manager' user role are permitted to create new Security Groups, or delete existing ones.

  • New - Create a new Security Group.
  • Delete - Delete an existing Security Group.
Clouds > Cloud > Security Groups

- -


The Security Groups show page groups information based on general information, configured Permissions, Add Permissions capabilities and Timestamp data.

  • Info - General information about the Security Group. For example, who created the Security Group, or "unknown".
  • Permissions - Shows the permissions tied to Security Group ingress rules that have previously been added to the group, if any. The default posture is to deny all inbound access. Detailed information with respect to previously added Security Group rules is listed in this section. (For example, networking protocol, affected IP addresses, and port(s). If any permissions have been added, they are categorized as Allow. Click the revoke action button to take away the previously added permissions in the Security Group.
  • Add Permissions - When adding permissions to your Security Group you will need to specify the following information:
    • Add IPs: Specify the protocol (tcp or udp); IP address and mask (using CIDR notation); Individual port or port range (specify the beginning and port in the range. For an individual port, use the same port in both the from/to fields.)
    • Add IPs (ICMP): Specify the IP address and mask (using CIDR notation); Specify the type and code (which defaults to to type -1 and code -1 to designate "any" type/code). Rarely is this ever changed. However, you can specify an individual type and code for permitted control messages.
    • Add Group: If you want to allow instances within the same Security Group to communicate across any ports, you can add a Security Group to itself. Similarly, you can use the 'Add Group' functionality to add another Security Group to an existing Security Group to control access permissions. When you add a Security Group to another Security Group, those instances will communicate to private IP addresses across the specified ports. When adding a Security Group, you can specify the following: Owner of the Security Group; Security Group to add; You can further tighten down the rules by specifying the protocol (tcp or udp) and a port or range of ports.
  • Timestamps - Critical Security Group timestamps (in the local TZ) are shown.
    • Created at - Time and date stamp that the Security Group was created at. (e.g. 2010-12-08 20:35:53 PST)
    • Updated at - Time and date stamp when the Security Group was last updated.


  • Delete - Delete the entire Security Group. A confirmation dialog box is presented prior to deletion.
  • Revoke - Revoke a Security Group rule that was previously added. Note: The rule is immediately deleted from the Security Group. No confirmation is required. Simply re-add the rule if you ever accidentally revoke the wrong rule.
  • Add - Add an inbound Security Group rule. The following criteria can be configured when adding a new rule: Networking protocol, IP address (CIDR notation), individual port or port range. You will only see this action button if you have the 'security_manager' User Role.
Clouds > Cloud > Security Groups > Show
You must to post a comment.
Last modified
08:20, 8 Jul 2013


This page has no custom tags.


This page has no classifications.



© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.