Eucalyptus

Networking and Security

You can assign IP addresses to instances dynamically, unassign addresses, create security groups, and assign networking rules to security groups.

Allocating and associating IP addresses

You may use "euca-allocate-address" and "euca-associate-address" to allocate IP addresses and associate public IP addresses with instances, respectively.

In the following example, we will allocate an IP address and associate it with the instance "i-56785678".

euca-allocate-address
ADDRESS    a.b.c.d

euca-associate-address -i i-56785678 a.b.c.d

Disassociating and Releasing addresses

You may use "euca-disassociate-address" and "euca-release-address" to disassociate an IP address from an instance and to release the IP address to the global pool. For instance, to disassociate and release the address "a.b.c.d":

euca-disassociate-address a.b.c.d

euca-release-address a.b.c.d

Creating a security group

You can create a security group using the "euca-add-group" command. For instance, to create a group named "mygroup," you may use the following command:

euca-add-group -d "mygroup description" mygroup

Security groups may be specified when running instances with "euca-run-instances" using the "-g" parameter.

Adding networking rules to security groups

By default, a security group denies incoming network traffic from all sources. You may add networking-related rules to security groups using the command "euca-authorize."

To see the entire list of options, type:

euca-authorize --help

For example, to allow incoming ssh (port 22) traffic to the security group "mygroup" you may use the following command, which specifies a protocol (tcp), a port (22), and a CIDR source network (0.0.0.0/0, which refers to any source):

euca-authorize -P tcp -p 22 -s 0.0.0.0/0 mygroup

Instead of specifying a CIDR source, you may instead specify another security group to allow access from:

euca-authorize --source-group someothergroup --source-group-user someotheruser -P tcp -p 22 mygroup

Revoking networking rules from security groups

Revocation works the same way as addition (i.e. the command takes the same parameters), except that you should use the "euca-revoke" command. For example:

euca-revoke -P tcp -p 22 -s 0.0.0.0/0 mygroup

To see the entire list of options, type:

euca-revoke --help
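
A rule with the source 0.0.0.0/0 admits traffic from any address, so it is useful to check which groups still carry such rules. The script below is an added example, not part of the original Eucalyptus documentation: it reads a group listing and prints the "euca-revoke" command for each tcp or udp rule open to any source. The listing layout (as printed by "euca-describe-groups"), the "from-to" port range form, and the sample data are assumptions, marked in the comments.

```shell
#!/bin/sh
# Added example: find rules open to any source (0.0.0.0/0) and print the
# matching euca-revoke command for each. Nothing is executed; review the output.
#
# ASSUMPTION: rule lines look like
#   PERMISSION <owner> <group> ALLOWS <proto> <from> <to> FROM CIDR <cidr>
# (the layout printed by "euca-describe-groups"; check your euca2ools version).

audit_open_rules() {
    awk '
    $1 == "PERMISSION" && $4 == "ALLOWS" {
        cidr = ""
        for (i = 8; i < NF; i++)
            if ($i == "CIDR") cidr = $(i + 1)
        if (cidr != "0.0.0.0/0") next      # narrower sources are left alone
        group = $3; proto = $5; lo = $6; hi = $7
        if (proto != "tcp" && proto != "udp") {
            printf "# review by hand: %s rule open to any source in %s\n", proto, group
            next
        }
        # ASSUMPTION: -p accepts a range written as "from-to"
        ports = (lo == hi) ? lo : lo "-" hi
        printf "euca-revoke -P %s -p %s -s 0.0.0.0/0 %s\n", proto, ports, group
    }'
}

# Constructed sample listing (not captured from a real cloud).
sample_listing() {
    cat <<'EOF'
GROUP admin mygroup mygroup description
PERMISSION admin mygroup ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION admin mygroup ALLOWS tcp 443 443 FROM CIDR 10.0.0.0/8
GROUP admin dbgroup database tier
PERMISSION admin dbgroup ALLOWS tcp 3306 3310 FROM CIDR 0.0.0.0/0
PERMISSION admin dbgroup ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
EOF
}

# Dry run on the sample; on a real cloud: euca-describe-groups | audit_open_rules
sample_listing | audit_open_rules
```

After revoking a world-open rule, re-authorize the port with "-s" set to the network that actually needs access.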

Deleting a security group

You may use "euca-delete-group" to delete a security group. For example,

euca-delete-group mygroup

will delete the security group "mygroup."