Security Groups in Snow Devices - Amazon Snowcone User Guide
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Security Groups in Snow Devices

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You can add rules to each security group to allow traffic to or from its associated instances. For more information, see Amazon EC2 security groups for Linux instances in the Amazon EC2 User Guide for Linux Instances.

Security groups in Snowcone devices are similar to security groups in the Amazon Web Services Cloud. Virtual private clouds (VPCs) aren't supported on Snowcone devices.

Following, you can find the other differences between Snowcone security groups and EC2-VPC security groups:

  • Each Snowcone has a limit of 50 security groups.

  • The default security group allows all inbound and outbound traffic.

  • Traffic between local instances can use either the private instance IP address or a public IP address. For example, suppose that you want to connect using SSH from instance A to instance B. In this case, your target IP address can be either the public IP or private IP address of instance B, if the security group rule allows the traffic.

  • Only the parameters listed for Amazon CLI actions and API calls are supported. These typically are a subset of those supported in EC2-VPC instances.

For more information about supported Amazon CLI actions, see List of Supported Amazon EC2 Amazon CLI Commands on a Snowcone . For more information about supported API operations, see Supported Amazon EC2 API Operations.