VPC Security

Firewall

  • Firewall rules are stateful
  • Implied rules: deny all ingress and allow all egress

Rule Fields

Field Description
direction
  • Inbound connections: matched against ingress rules only
  • Outbound connections: matched against egress rules only
target/source
  • Target:
    • All instances in the network
    • Specified target tags
    • Specified Service Accounts
  • Source:
    • IP ranges
    • Subnets
    • Source tags
    • Service Accounts
protocol and port
  • A protocol and port restriction can be applied to any rule
action
  • allow or deny
priority
  • Rules are evaluated in priority order; the first matching rule is applied
Rule assignment
  • By default, all rules are assigned to all instances
  • It is possible to assign certain rules to certain instances only
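
The rule fields above, put together as a simplified evaluation model. This is an added example, not Google Cloud's implementation; it does not model statefulness or service accounts. The Rule class, the sample rule set and the function names are constructed for illustration. It assumes the documented GCP behavior that a lower priority number is evaluated first, that the implied rules sit at priority 65535, and that deny wins over allow at equal priority.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                   # "INGRESS" or "EGRESS"
    action: str                      # "allow" or "deny"
    priority: int                    # lower number = evaluated first
    ranges: tuple = ("0.0.0.0/0",)   # source ranges (ingress) or destination ranges (egress)
    target_tags: tuple = ()          # empty = all instances in the network
    protocol: str = "all"
    ports: tuple = ()                # empty = all ports

# Implied rules: lowest priority, so any explicit rule that matches wins first.
IMPLIED = (
    Rule("implied-deny-ingress", "INGRESS", "deny", 65535),
    Rule("implied-allow-egress", "EGRESS", "allow", 65535),
)

def matches(rule, direction, peer_ip, instance_tags, protocol, port):
    """True if the connection falls under this rule's direction, target and filters."""
    if rule.direction != direction:
        return False                 # ingress traffic never consults egress rules
    if rule.target_tags and not set(rule.target_tags) & set(instance_tags):
        return False                 # rule is assigned to other instances only
    if rule.protocol not in ("all", protocol):
        return False
    if rule.ports and port not in rule.ports:
        return False
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(r) for r in rule.ranges)

def evaluate(rules, direction, peer_ip, instance_tags, protocol, port):
    """Return (action, rule_name) of the first matching rule in priority order."""
    ordered = sorted(tuple(rules) + IMPLIED,
                     key=lambda r: (r.priority, r.action != "deny"))
    for rule in ordered:
        if matches(rule, direction, peer_ip, instance_tags, protocol, port):
            return rule.action, rule.name
    return "deny", "no-match"        # only reachable for non-IPv4 peers in this model

# Constructed sample rule set (documentation IP ranges).
RULES = (
    Rule("allow-ssh-bastion", "INGRESS", "allow", 1000, ("203.0.113.0/24",), ("bastion",), "tcp", (22,)),
    Rule("deny-bad-host", "INGRESS", "deny", 900, ("203.0.113.66/32",)),
    Rule("deny-egress-smtp", "EGRESS", "deny", 1000, ("0.0.0.0/0",), (), "tcp", (25,)),
)
```

Running evaluate over the sample set shows the deny at priority 900 shadowing the SSH allow for one host, and untagged instances falling through to the implied deny.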