Controlling network traffic with security groups on Snowball Edge
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You can add rules to each security group to allow traffic to or from its associated instances. For more information, see Amazon EC2 security groups for Linux instances in the Amazon EC2 User Guide.
Security groups on Snowball Edge devices are similar to security groups in the AWS Cloud. Virtual private clouds (VPCs) aren't supported on Snowball Edge devices.
Snowball Edge security groups also differ from EC2 VPC security groups in the following ways:
- Each Snowball Edge device has a limit of 50 security groups.
- The default security group allows all inbound and outbound traffic.
- Traffic between local instances can use either the private instance IP address or a public IP address. For example, suppose that you want to connect using SSH from instance A to instance B. In this case, your target IP address can be either the public IP or private IP address of instance B, if the security group rule allows the traffic.
- Only the parameters listed for AWS CLI actions and API calls are supported. These typically are a subset of those supported in EC2 VPC instances.
For more information about supported AWS CLI actions, see List of supported EC2-compatible AWS CLI commands on a Snowball Edge. For more information on supported API operations, see Supported Amazon EC2-compatible API operations on a Snowball Edge.
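Because the default security group allows all inbound and outbound traffic and each device is limited to 50 groups, it helps to audit what is configured on a device. The following is an added example, not part of the original documentation: it reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports allow-all rules and the remaining group headroom. The sample document, group names and group IDs are constructed, and the function names are hypothetical.

```python
import json

SNOWBALL_SG_LIMIT = 50  # per-device limit stated on this page

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "default", "GroupId": "s.sg-example0001",
   "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupName": "ssh-admin", "GroupId": "s.sg-example0002",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                      "IpRanges": [{"CidrIp": "10.0.0.0/24"}]}],
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")


def open_rules(group, direction):
    """Return rules in one direction that allow all protocols for any address."""
    key = "IpPermissions" if direction == "inbound" else "IpPermissionsEgress"
    hits = []
    for rule in group.get(key, []):
        cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
        # IpProtocol "-1" means all protocols and ports.
        if rule.get("IpProtocol") == "-1" and "0.0.0.0/0" in cidrs:
            hits.append(rule)
    return hits


def audit(doc, limit=SNOWBALL_SG_LIMIT):
    """Summarize group count against the limit and list allow-all rules."""
    groups = doc.get("SecurityGroups", [])
    findings = []
    for g in groups:
        for direction in ("inbound", "outbound"):
            if open_rules(g, direction):
                findings.append((g["GroupName"], g["GroupId"], direction))
    return {"count": len(groups), "remaining": limit - len(groups),
            "allow_all": findings}


if __name__ == "__main__":
    report = audit(SAMPLE)
    print(f"{report['count']} groups, {report['remaining']} left before the limit")
    for name, gid, direction in report["allow_all"]:
        print(f"allow-all {direction}: {name} ({gid})")
```

Instances that need restricted access should be associated with a group such as the constructed `ssh-admin` one rather than the default group.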