ECS Security Groups
Start course

This course introduces you to Alibaba’s Elastic Compute Service, or ECS, one of the most common services within the Alibaba platform. It is a high-performance, stable, reliable, and scalable compute service that allows you to deploy virtual servers within your Alibaba Cloud environment. Most people will require some form of ECS Instance running within their environment as a part of at least one of their solutions.

This course covers the following components:

  • ECS Concepts
  • ECS Instances
  • ECS Images
  • ECS Storage
  • ECS Snapshots
  • ECS Security Groups and
  • ECS Networks

For feedback, queries, or suggestions on this course, please contact us at

Intended Audience

This course is designed for IT professionals who are just starting out in the world of Alibaba Cloud and want to know more about the ECS service it offers.


To get the most from this course, you should already have some basic knowledge of cloud computing. If you would like to brush up on your knowledge before taking this course, please consider taking our What is Cloud Computing? course.


The next section we will cover is Security Groups. Security groups act as virtual firewalls that provide Stateful Packet Inspection and packet filtering of network protocol, port and source IP traffic to allow or deny access. You can configure security group rules to control the inbound and outbound traffic of ECS instances in the group.

There are 2 classifications of security groups: Basic and Advanced. Basic security groups support up to 2000 private IP Addresses, inbound and outbound rules can be configured to allow or deny ECS instances in basic security groups access to the Internet or intranet. Advanced security groups are a new type of security group. Compared to a basic security group, an advanced security group can contain an unlimited number of private IP addresses. You can only configure allow rules for inbound and outbound traffic, as all non-allowed traffic is denied by default.

Security groups have the following characteristics: You must specify a security group when you create an ECS instance. Each ECS instance must belong to at least one security group but can be added to multiple Security Groups at the same time. ECS Instances cannot belong to both basic and advanced security groups at the same time, however. ECS instances in the same security group can communicate with each other through the internal network. ECS instances in different security groups are isolated from each other. You can add security group rules to authorize mutual access between two security groups. You can configure security group rules only for basic security groups, to authorize mutual access between two security groups.

Default Security Group: When you create an ECS instance in a region through the ECS console, a default security group is created if no other security group has been created under the current account in this region. The default security group is a basic security group and has the same network type as the ECS instance.


Overview - ECS Concepts - ECS Instances - ECS Images - ECS Storage - ECS Snapshots - ECS Networking - ECS Demo

About the Author

David has been a trainer with QA for over 12 years and has been training cloud technologies since 2017.  Currently certified in Microsoft and Alibaba cloud technologies David has previously been a system and Network administrator amongst other roles.    

Currently, he is a Principle Technology Learning Specialist (Cloud) at QA. He loves nothing more than teaching cloud-based courses and also has a passion for teaching PowerShell scripting.

Outside of work, his main love is flying Radio control airplanes, and teaching people to fly them.