Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Modifying the default security group

How to modify the default security group and allow SSH access.

Security groups provide the policies that control traffic flow and access for EC2 instances and instances within a VPC. EC2 security groups and VPC security groups are independent of one another. EC2 security groups cannot be used for instances within a VPC, and VPC security groups cannot be used for EC2 instances (that is, instances not associated with a VPC). Vyatta NOS AMI instances are launched into VPCs, so they use VPC security groups.

The default VPC security group allows instances within the VPC to communicate with one another and to access the Internet, but it does not allow remote access to the AMI instance or instances that you create within the VPC. To provide remote SSH access to the VPC, either create a new security group or modify the default security group. The following example shows how to modify the default security group to allow SSH access from anywhere.

Note: This example shows how to allow SSH access from anywhere for testing purposes only. In general, it is best to restrict SSH access to source addresses that you control. Change the port to something other than 22 or 2222. Also, make sure you change the default password on all devices in your network.

To modify the default security group to allow SSH access:

  1. On the AWS Management Console Home page, click VPC.

    The Amazon VPC Console Dashboard page appears.

    Figure 1. Amazon VPC Console Dashboard
  2. In the left navigation pane, select Security Groups.
    The Security Groups page opens on the right.
  3. Select the default security group.
    The details for the default security group appear at the bottom of the page.
    Figure 2. Default security group
  4. Click the Inbound Rules tab. The default inbound rule appears. This rule provides access between the instances that use this security group.
  5. Click Edit and then click Add another rule to add new rules. Select SSH from the drop‐down menu.
    Figure 3. Add rule (SSH)
  6. In the Source field, enter 0.0.0.0/0 and click Add another Rule. The rule appears in the rule table to the right.
  7. Click Save to apply the rule change. The security group now allows SSH access from anywhere.

    The default VPC security group does not allow instances within the VPC to respond to pings (ICMP echo requests) from remote devices. In many cases this is desirable, but for testing purposes we want to determine that an instance is reachable, so we allow ICMP traffic. This example shows how to modify the default security group to allow incoming ICMP traffic from anywhere.

    To modify the default VPC security group to allow ICMP traffic:

  8. Click Edit and then click Add another rule to add new rules.
  9. Select ALL ICMP from the drop‐down menu.
    Figure 4. Add rule (ALL ICMP)
  10. In the Source field, enter 0.0.0.0/0 and click Save. The rule appears in the rule table to the right.
    The security group now allows ICMP traffic from anywhere.
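
Once testing is finished, the rules added above are the ones to find and tighten. The following Python script is an added example, not part of the Vyatta NOS documentation: it audits security group data in the JSON shape returned by `aws ec2 describe-security-groups` and lists inbound rules that expose SSH (ports 22 or 2222), ICMP, or all traffic to any source address. The group ID `sg-0example`, the embedded sample, and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output: the
# default group after the steps above (self rule, SSH and ICMP from anywhere).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0example", "GroupName": "default",
 "IpPermissions": [
  {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0example"}],
   "IpRanges": [], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]}
""")

ANYWHERE = {"0.0.0.0/0", "::/0"}
SSH_PORTS = (22, 2222)  # the ports the note above advises moving away from

def open_sources(perm):
    """Return the 'anywhere' CIDRs (IPv4 or IPv6) that a rule entry allows."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANYWHERE]

def classify(perm):
    """Name what a rule exposes if it matters here, else return None."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return "all traffic"
    if proto in ("icmp", "icmpv6"):
        return "ICMP"
    if proto == "tcp":
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        hit = [str(p) for p in SSH_PORTS if lo <= p <= hi]
        if hit:
            return "tcp/" + ",".join(hit)
    return None

def audit(doc):
    """List (group id, exposure, cidr) for inbound rules open to anywhere."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            what = classify(perm)
            for cidr in (open_sources(perm) if what else []):
                findings.append((sg["GroupId"], what, cidr))
    return findings

for gid, what, cidr in audit(SAMPLE):
    print(f"{gid}: {what} open to {cidr}")
```

The default self-referencing rule is not reported because its source is the security group itself rather than a CIDR range.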