Security Groups in Snowball Edge Devices - Amazon Snowball Edge Developer Guide

Security Groups in Snowball Edge Devices

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You can add rules to each security group to allow traffic to or from its associated instances. For more information, see Amazon EC2 security groups for Linux instances in the Amazon EC2 User Guide for Linux Instances.

Security groups in Snowball Edge devices are similar to security groups in the Amazon Cloud. Virtual private clouds (VPCs) aren't supported on Snowball Edge devices.

Snowball Edge security groups also differ from EC2-VPC security groups in the following ways:

  • Each Snowball Edge has a limit of 50 security groups.

  • The default security group allows all inbound and outbound traffic.

  • Traffic between local instances can use either the private instance IP address or a public IP address. For example, suppose that you want to connect using SSH from instance A to instance B. In this case, your target IP address can be either the public IP or private IP address of instance B, if the security group rule allows the traffic.

  • Only the parameters listed for Amazon CLI actions and API calls are supported. These typically are a subset of those supported in EC2-VPC instances.

For more information about supported Amazon CLI actions, see List of Supported Amazon EC2-compatible Amazon CLI Commands on a Snowball Edge. For more information on supported API operations, see Supported Amazon EC2-compatible API Operations.
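
Because the default security group allows all inbound and outbound traffic and each device is limited to 50 groups, it helps to review the groups on a device regularly. The following is an added example, not part of this guide: it audits JSON saved from `describe-security-groups`, assuming the device returns the standard EC2 output shape. The group IDs, names, and rules are constructed sample data, and `open_rules` and `audit` are hypothetical helper names.

```python
import json

MAX_GROUPS = 50  # per-device security group limit stated in this section

# Constructed sample data in the standard EC2 describe-security-groups shape.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-EXAMPLE1", "GroupName": "default",
  "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
  "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-EXAMPLE2", "GroupName": "ssh-admin",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "IpRanges": [{"CidrIp": "192.0.2.0/24"}]}],
  "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-EXAMPLE3", "GroupName": "web",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
  "IpPermissionsEgress": []}
]}
""")

def open_rules(permissions):
    """Describe each rule whose address range is 0.0.0.0/0 (any address)."""
    found = []
    for perm in permissions:
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        if "0.0.0.0/0" not in cidrs:
            continue
        if perm.get("IpProtocol") == "-1":  # -1 means every protocol and port
            found.append("all traffic")
        else:
            found.append(f"{perm['IpProtocol']} {perm.get('FromPort')}-{perm.get('ToPort')}")
    return found

def audit(doc):
    """Report group count against the limit and every open-to-any rule."""
    groups = doc.get("SecurityGroups", [])
    findings = []
    for g in groups:
        for direction, key in (("inbound", "IpPermissions"),
                               ("outbound", "IpPermissionsEgress")):
            for rule in open_rules(g.get(key, [])):
                findings.append((g["GroupId"], g.get("GroupName"), direction, rule))
    return {"count": len(groups), "remaining": MAX_GROUPS - len(groups),
            "findings": findings}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Instances associated with a group reported as inbound "all traffic" are reachable on every port from any address that can route to the device.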