Default Security Groups
When creating an instance, you must associate it with a security group. If there is no security group available, a default security group will be created and associated with the instance. Note the following when using default security group:
Default Security Group Rules
Note the following when using default security group rules:
- Inbound rules control incoming traffic to instances in the default security group. The instances can communicate with each other but cannot be accessed from external networks.
- Outbound rules allow all traffic from the instances in the default security group to external networks.
Figure 1 Default security group

Table 1 describes the default rules for the default security group.
Direction | Action | Type | Protocol & Port | Source/Destination | Description |
---|---|---|---|---|---|
Inbound | Allow | IPv4 | All | Source: default security group (default) | Allows IPv4 instances in the security group to communicate with each other using any protocol over any port. |
Inbound | Allow | IPv6 | All | Source: default security group (default) | Allows IPv6 instances in the security group to communicate with each other using any protocol over any port. |
Outbound | Allow | IPv4 | All | Destination: 0.0.0.0/0 | Allows all traffic from the instances in the security group to any IPv4 address over any port. |
Outbound | Allow | IPv6 | All | Destination: ::/0 | Allows all traffic from the instances in the security group to any IPv6 address over any port. |
- Default Security Group Rules