<p>This article describes how to create security policy for cloud host that is bound to the ECS.</p> <p><strong><span style="font-size:18px">Overview</span></strong></p> <p>Security policy provides secure access control for cloud host that is bound to the ECS. Users can define properties including IN/OUT direction, protocol type, port range and the authorized IP by creating security policy.</p> <p><span style="font-size:18px"><strong>Prerequisites</strong></span></p> <p>You have created the IGW, and the ECS under the IGW.</p> <p><span style="font-size:18px"><strong>Procedures</strong></span></p> <p>1.&nbsp;Log in to <a href="https://yun.pingan.com/console/igw/overview" target="_blank">IGW Console</a>.</p> <p>2.&nbsp;In the left navigation pane, click <strong>IGW</strong> to enter the <strong>IGW </strong>page.</p> <p>3.&nbsp;Click <strong>Name</strong> of the target IGW to enter the <strong>IGW Information</strong> page.</p> <p>4.&nbsp;Click the <strong>ECS IP ADDRESS</strong> tab.</p> <p>5.&nbsp;Click <strong>Manage</strong> in the <strong>Security Policy</strong> column to enter the page of security policy management.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607191122-1608a13a95cd.png" style="height:258px; width:830px" /></p> <p>6.&nbsp;Click <strong>Create</strong> in the upper-right corner to open the <strong>Create Security Policy</strong> dialog box.</p> <p>7.&nbsp;Create security policy based on the following information.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607191148-1208ecd49e8c.png" style="height:581px; width:830px" /></p> <table border="1" cellpadding="0" cellspacing="0" style="width:0px"> <tbody> <tr> <td style="background-color:#ededed; width:166px"> <p><strong>Configuration Item</strong></p> </td> <td style="background-color:#ededed; vertical-align:top; width:594px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:166px"> <p><strong>Direction</strong></p> </td> <td style="vertical-align:top; width:594px"> <p>Select the OUT/IN direction of the security policy.</p> <p>&bull;&nbsp;<strong>OUT:</strong> It means that it allows cloud host instance bound to the Internet to access the authorized IP.</p> <p>&bull;&nbsp;<strong>IN:</strong> It means that it allows the authorized IP to access cloud host instance bound to the Internet.</p> </td> </tr> <tr> <td style="width:166px"> <p><strong>Protocol Type</strong></p> </td> <td style="vertical-align:top; width:594px"> <p>Select network protocol type. Currently, there are only two options, including TCP and UDP.</p> </td> </tr> <tr> <td style="width:166px"> <p><strong>Port Range</strong></p> </td> <td style="vertical-align:top; width:594px"> <p>Enter a port value in the range of 1 to 65535.</p> </td> </tr> <tr> <td style="width:166px"> <p><strong>Authorized IP</strong></p> </td> <td style="vertical-align:top; width:594px"> <p>Enter the authorized IP.</p> </td> </tr> <tr> <td style="width:166px"> <p><strong>Description</strong></p> </td> <td style="vertical-align:top; width:594px"> <p>Customize the description of the security policy.</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201607191243-1d579e8e9d83.png" style="height:23px; margin:1px; width:50px" /><strong>:</strong> Enter a maximum of 20 characters.</p> </td> </tr> </tbody> </table> <p>8. Click <strong>Confirm</strong>, and &ldquo;<strong>Operation succeeded</strong>&rdquo; will appear at the bottom of the page.</p>