SecurityGroup Management Guide(KR) - cloud-barista/cb-spider GitHub Wiki

Security Group Management Guide


1. CB-Spider Security Group Overview

  • Users can create a Security Group to control the inbound/outbound network traffic of VMs.
  • A Security Group belongs to a specific VPC and can contain one or more Security Rules.
  • A CB-Spider Security Group works by defining allow rules.
  • The relationship between Security Groups and VMs is shown in the figure below.
┌─────────────────────────────────────────────────────────────┐
│                  CB-Spider Security Group                   │
│                                                             │
│  VPC (10.0.0.0/16)                                          │
│  ├── SecurityGroup-1                                        │
│  │   ├── Rule: Inbound TCP 22 from 0.0.0.0/0                │
│  │   ├── Rule: Inbound TCP 80 from 0.0.0.0/0                │
│  │   ├── Rule: Outbound ALL -1 to 0.0.0.0/0                 │
│  │   └── Applied to: VM-1, VM-2                             │
│  │                                                          │
│  └── SecurityGroup-2                                        │
│      ├── Rule: Inbound TCP 3306 from 10.0.0.0/16            │
│      ├── Rule: Outbound ALL -1 to 0.0.0.0/0                 │
│      └── Applied to: VM-3                                   │
└─────────────────────────────────────────────────────────────┘

1.1 Default Security Rules

When a Security Group is created, the default rules are as follows. Depending on the CSP, these rules may or may not be visible:

  • inbound: all traffic blocked
  • outbound: all traffic allowed

1.2 Security Rule Attributes

Each Security Rule is defined by the following attributes:

| Attribute | Description | Example |
|---|---|---|
| Direction | Traffic direction | inbound or outbound |
| IPProtocol | Target protocol | ALL, TCP, UDP, ICMP |
| FromPort | Start port | TCP/UDP: 1~65535; ICMP/ALL: -1 |
| ToPort | End port | TCP/UDP: 1~65535; ICMP/ALL: -1 |
| CIDR | Target address range | 0.0.0.0/0, ::/0, 10.0.0.0/16, etc. |

2. CB-Spider Security Group API and Information Specification

  • Users receive Security Group information in JSON format through the following CB-Spider REST APIs.

2.1 Security Group Management API

# Security Group management
POST   /spider/securitygroup                - Create SecurityGroup
GET    /spider/securitygroup                - List SecurityGroups
GET    /spider/securitygroup/vpc/{VPCName}  - List SecurityGroups in VPC
GET    /spider/securitygroup/{Name}         - Get SecurityGroup
DELETE /spider/securitygroup/{Name}         - Delete SecurityGroup

# Security Group register/unregister (linking an existing CSP Security Group)
POST   /spider/regsecuritygroup             - Register SecurityGroup
DELETE /spider/regsecuritygroup/{Name}      - Unregister SecurityGroup

# Security Group listing (all)
GET    /spider/allsecuritygroup             - List All SecurityGroups (CB-Spider + CSP)
GET    /spider/allsecuritygroupinfo         - List All SecurityGroups Info

# Security Group statistics
GET    /spider/countsecuritygroup           - Count All SecurityGroups
GET    /spider/countsecuritygroup/{ConnectionName} - Count SecurityGroups by Connection

# Direct deletion of a CSP Security Group
DELETE /spider/cspsecuritygroup/{Id}        - Delete CSP SecurityGroup

2.2 Security Rules Management API

# Security Rules add/remove
POST   /spider/securitygroup/{SGName}/rules - Add Rules
DELETE /spider/securitygroup/{SGName}/rules - Remove Rules

2.3 Information Specification

Security Group information (SecurityInfo)

| Field | Description | Example |
|---|---|---|
| IId | Identifier of the Security Group (NameId, SystemId) | {Name: "sg-01", SystemId: "sg-1234abcd"} |
| VpcIID | Identifier of the owning VPC (NameId, SystemId) | {Name: "vpc-01", SystemId: "vpc-5678efgh"} |
| SecurityRules | List of Security Rule information | See Security Rule information below |
| TagList | List of tags assigned to the Security Group | [{Key: "Environment", Value: "Production"}] |
| KeyValueList | Additional information provided by the CSP, as a Key/Value list | [{Key: "GroupId", Value: "sg-1234"}] |

Security Rule information (SecurityRuleInfo)

| Field | Description | Example |
|---|---|---|
| Direction | Traffic direction | "inbound", "outbound" |
| IPProtocol | Protocol type | "TCP", "UDP", "ICMP", "ALL" |
| FromPort | Start port number | "22", "80", "1", "-1"(ALL/ICMP) |
| ToPort | End port number | "22", "80", "65535", "-1"(ALL/ICMP) |
| CIDR | Target IP address range (CIDR notation) | "0.0.0.0/0", "10.0.0.0/16", "::/0" |

Per-protocol Security Rule details

| Direction | IPProtocol | FromPort | ToPort | CIDR | Remarks |
|---|---|---|---|---|---|
| inbound, outbound | ALL | -1 | -1 | 0.0.0.0/0, ::/0, etc. | Allows all traffic |
| inbound, outbound | TCP | 1~65535 | 1~65535 | 0.0.0.0/0, etc. | e.g. SSH(22), HTTP(80), HTTPS(443) |
| inbound, outbound | UDP | 1~65535 | 1~65535 | 0.0.0.0/0, etc. | e.g. DNS(53), NTP(123) |
| inbound, outbound | ICMP | -1 | -1 | 0.0.0.0/0, etc. | Network layer, no port required; e.g. ping, traceroute |

3. CB-Spider Security Group API and Information Examples

3.1 Security Group Creation Example

  • The following is an example API call and result for creating the sg-web Security Group on AWS, which allows SSH and HTTP access.
curl -sX 'POST' 'http://localhost:1024/spider/securitygroup' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01",
    "ReqInfo": {
      "Name": "sg-web",
      "VPCName": "vpc-01",
      "SecurityRules": [
        {
          "Direction": "inbound",
          "IPProtocol": "TCP",
          "FromPort": "22",
          "ToPort": "22",
          "CIDR": "0.0.0.0/0"
        },
        {
          "Direction": "inbound",
          "IPProtocol": "TCP",
          "FromPort": "80",
          "ToPort": "80",
          "CIDR": "0.0.0.0/0"
        },
        {
          "Direction": "inbound",
          "IPProtocol": "TCP",
          "FromPort": "443",
          "ToPort": "443",
          "CIDR": "0.0.0.0/0"
        },
        {
          "Direction": "outbound",
          "IPProtocol": "ALL",
          "FromPort": "-1",
          "ToPort": "-1",
          "CIDR": "0.0.0.0/0"
        }
      ]
    }
  }' | jq

Example response:

{
  "IId": {
    "NameId": "sg-web",
    "SystemId": "sg-0a1b2c3d4e5f67890"
  },
  "VpcIID": {
    "NameId": "vpc-01",
    "SystemId": "vpc-1a2b3c4d"
  },
  "SecurityRules": [
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "22",
      "ToPort": "22",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "80",
      "ToPort": "80",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "443",
      "ToPort": "443",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "outbound",
      "IPProtocol": "ALL",
      "FromPort": "-1",
      "ToPort": "-1",
      "CIDR": "0.0.0.0/0"
    }
  ],
  "KeyValueList": [
    {
      "Key": "GroupId",
      "Value": "sg-0a1b2c3d4e5f67890"
    },
    {
      "Key": "GroupName",
      "Value": "sg-web"
    }
  ]
}

3.2 Security Group Retrieval Example

  • The following is an example of the API call for retrieving the AWS sg-web Security Group and the information returned.
curl -sX 'GET' 'http://localhost:1024/spider/securitygroup/sg-web?ConnectionName=aws-config01' | jq

Example response:

{
  "IId": {
    "NameId": "sg-web",
    "SystemId": "sg-0a1b2c3d4e5f67890"
  },
  "VpcIID": {
    "NameId": "vpc-01",
    "SystemId": "vpc-1a2b3c4d"
  },
  "SecurityRules": [
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "22",
      "ToPort": "22",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "80",
      "ToPort": "80",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "443",
      "ToPort": "443",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "outbound",
      "IPProtocol": "ALL",
      "FromPort": "-1",
      "ToPort": "-1",
      "CIDR": "0.0.0.0/0"
    }
  ]
}

3.3 Security Group List Example

curl -sX 'GET' 'http://localhost:1024/spider/securitygroup?ConnectionName=aws-config01' | jq

Example response:

{
  "securitygroup": [
    {
      "IId": {
        "NameId": "sg-web",
        "SystemId": "sg-0a1b2c3d4e5f67890"
      },
      "VpcIID": {
        "NameId": "vpc-01",
        "SystemId": "vpc-1a2b3c4d"
      },
      "SecurityRules": [...]
    },
    {
      "IId": {
        "NameId": "sg-db",
        "SystemId": "sg-1b2c3d4e5f678901"
      },
      "VpcIID": {
        "NameId": "vpc-01",
        "SystemId": "vpc-1a2b3c4d"
      },
      "SecurityRules": [...]
    }
  ]
}

3.4 Security Group List by VPC Example

curl -sX 'GET' 'http://localhost:1024/spider/securitygroup/vpc/vpc-01?ConnectionName=aws-config01' | jq

Example response:

{
  "securitygroup": [
    {
      "IId": {
        "NameId": "sg-web",
        "SystemId": "sg-0a1b2c3d4e5f67890"
      },
      "VpcIID": {
        "NameId": "vpc-01",
        "SystemId": "vpc-1a2b3c4d"
      },
      "SecurityRules": [...]
    }
  ]
}

3.5 Security Rules Addition Example

  • The following is an example API call that adds new rules to an existing Security Group.
curl -sX 'POST' 'http://localhost:1024/spider/securitygroup/sg-web/rules' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01",
    "ReqInfo": {
      "RuleInfoList": [
        {
          "Direction": "inbound",
          "IPProtocol": "TCP",
          "FromPort": "3306",
          "ToPort": "3306",
          "CIDR": "10.0.0.0/16"
        },
        {
          "Direction": "inbound",
          "IPProtocol": "ICMP",
          "FromPort": "-1",
          "ToPort": "-1",
          "CIDR": "0.0.0.0/0"
        }
      ]
    }
  }' | jq

Example response:

{
  "IId": {
    "NameId": "sg-web",
    "SystemId": "sg-0a1b2c3d4e5f67890"
  },
  "VpcIID": {
    "NameId": "vpc-01",
    "SystemId": "vpc-1a2b3c4d"
  },
  "SecurityRules": [
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "22",
      "ToPort": "22",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "80",
      "ToPort": "80",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "443",
      "ToPort": "443",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "TCP",
      "FromPort": "3306",
      "ToPort": "3306",
      "CIDR": "10.0.0.0/16"
    },
    {
      "Direction": "inbound",
      "IPProtocol": "ICMP",
      "FromPort": "-1",
      "ToPort": "-1",
      "CIDR": "0.0.0.0/0"
    },
    {
      "Direction": "outbound",
      "IPProtocol": "ALL",
      "FromPort": "-1",
      "ToPort": "-1",
      "CIDR": "0.0.0.0/0"
    }
  ]
}

3.6 Security Rules Removal Example

curl -sX 'DELETE' 'http://localhost:1024/spider/securitygroup/sg-web/rules' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01",
    "ReqInfo": {
      "RuleInfoList": [
        {
          "Direction": "inbound",
          "IPProtocol": "TCP",
          "FromPort": "3306",
          "ToPort": "3306",
          "CIDR": "10.0.0.0/16"
        }
      ]
    }
  }' | jq

Example response:

{
  "Result": "true"
}
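
The add and remove calls in 3.5 and 3.6 can be driven from a desired rule set. The following Python is an added example, not CB-Spider code: it diffs a GET response against the desired rules and builds the two request bodies. The function names, the case-insensitive comparison and the 203.0.113.10/32 admin address are assumptions of the example.

```python
import json

FIELDS = ("Direction", "IPProtocol", "FromPort", "ToPort", "CIDR")

def mk(*values):  # build a rule dict from the five fields, in FIELDS order
    return dict(zip(FIELDS, values))

def rule_key(rule):
    """Identity of a rule: its five SecurityRuleInfo fields, case-folded (example's choice)."""
    return tuple(str(rule[f]).lower() for f in FIELDS)

def plan_changes(current_info, desired_rules, connection):
    """Diff a GET /spider/securitygroup/{Name} response against the desired rules.
    Returns (add_body, remove_body) for POST and DELETE .../rules; None = no call."""
    current = {rule_key(r): r for r in current_info.get("SecurityRules") or []}
    desired = {rule_key(r): r for r in desired_rules}
    to_add = [r for k, r in desired.items() if k not in current]
    to_remove = [r for k, r in current.items() if k not in desired]
    def body(rules):
        return {"ConnectionName": connection, "ReqInfo": {"RuleInfoList": rules}} if rules else None
    return body(to_add), body(to_remove)

# Constructed input: the rules returned in the 3.5 response above.
CURRENT = {"IId": {"NameId": "sg-web"}, "SecurityRules": [
    mk("inbound", "TCP", "22", "22", "0.0.0.0/0"),
    mk("inbound", "TCP", "80", "80", "0.0.0.0/0"),
    mk("inbound", "TCP", "443", "443", "0.0.0.0/0"),
    mk("inbound", "TCP", "3306", "3306", "10.0.0.0/16"),
    mk("inbound", "ICMP", "-1", "-1", "0.0.0.0/0"),
    mk("outbound", "ALL", "-1", "-1", "0.0.0.0/0"),
]}
# Desired state: scenario 5.1 with SSH limited to an admin address.
# 203.0.113.10/32 is a documentation-range placeholder, not a value from the page.
DESIRED = [
    mk("inbound", "TCP", "22", "22", "203.0.113.10/32"),
    mk("inbound", "TCP", "80", "80", "0.0.0.0/0"),
    mk("inbound", "TCP", "443", "443", "0.0.0.0/0"),
    mk("outbound", "ALL", "-1", "-1", "0.0.0.0/0"),
]

if __name__ == "__main__":
    add, remove = plan_changes(CURRENT, DESIRED, "aws-config01")
    print("POST   /spider/securitygroup/sg-web/rules", json.dumps(add))
    print("DELETE /spider/securitygroup/sg-web/rules", json.dumps(remove))
```

Send the POST body first and the DELETE body only once the new rule is in effect (see 6.3), so that narrowing SSH never removes the only working path. Keep the default outbound rule in the desired set, since 1.1 notes that some CSPs list it and others do not.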

3.7 Security Group Deletion Example

curl -sX 'DELETE' 'http://localhost:1024/spider/securitygroup/sg-web' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01"
  }' | jq

Example response:

{
  "Result": "true"
}

3.8 Forced Deletion (force) Example

  • To force-delete a Security Group that is attached to VMs or other resources, use the force=true option.
curl -sX 'DELETE' 'http://localhost:1024/spider/securitygroup/sg-web?force=true' \
  -H 'Content-Type: application/json' \
  -d '{
    "ConnectionName": "aws-config01"
  }' | jq

4. CB-Spider Security Group AdminWeb Examples

  • Select the target CSP and manage Security Group information in the following order.

    1. Select a Connection: choose the target CSP Connection at the top of AdminWeb
    2. Open the Security Group menu: choose "Security Group" in the left-hand menu
    3. Create a Security Group: click the "Create SecurityGroup" button and enter the required information
    4. Manage Security Rules: rules can be added and removed on the Security Group detail screen

4.1 Security Group List Screen Example

Listing Security Groups in AdminWeb displays the following information:

  • Security Group Name
  • Security Group SystemId (CSP ID)
  • VPC Name
  • Number of rules
  • Creation time
  • Action buttons (details, delete, etc.)

4.2 Security Group Creation Screen Example

When creating a Security Group in AdminWeb, enter the following information:

  • Security Group Name: name of the Security Group to be managed by CB-Spider
  • VPC Name: VPC the Security Group will belong to
  • Security Rules (one or more recommended):
    • Direction (inbound/outbound)
    • Protocol (ALL/TCP/UDP/ICMP)
    • Port Range (FromPort ~ ToPort)
    • CIDR (IP address range)
    • Tags (optional)

4.3 Security Group Detail Screen Example

The Security Group detail screen provides the following information and actions:

Basic information:

  • Security Group IId (NameId, SystemId)
  • VPC IId (NameId, SystemId)
  • KeyValueList (additional CSP information)

Security Rules management:

  • Security Rules list
  • Add Rules button: add a new rule
  • Remove Rules button: remove an individual rule
  • View rule details (Direction, Protocol, Port, CIDR)

Action buttons:

  • Delete SecurityGroup: delete the Security Group
  • Refresh: refresh the information

5. Main Usage Scenarios

5.1 Security Group Configuration for a Web Server

  1. Create the Security Group (Create SecurityGroup)
  2. Add inbound rules:
    • SSH: TCP 22 from the administrator IP
    • HTTP: TCP 80 from 0.0.0.0/0
    • HTTPS: TCP 443 from 0.0.0.0/0
  3. Outbound rules: ALL -1 to 0.0.0.0/0 (default)
  4. Specify this Security Group when creating the VM

5.2 Security Group Configuration for a Database Server

  1. Create the Security Group
  2. Add inbound rules:
    • MySQL: TCP 3306 from the application server CIDR (e.g. 10.0.1.0/24)
    • SSH: TCP 22 from the administrator IP
  3. Outbound rules: restrict as needed
  4. Apply this Security Group to the DB server VM

5.3 Linking an Existing CSP Security Group

  1. Check the information (SystemId) of the Security Group that already exists in the CSP
  2. Register it with CB-Spider through the Register SecurityGroup API
  3. The Security Group can then be managed, and its rules added or removed, from CB-Spider

5.4 Multi-Tier Architecture Configuration

  1. Web Tier Security Group:
    • Inbound: TCP 80, 443 from Internet
    • Outbound: TCP 3000 to App Tier CIDR
  2. App Tier Security Group:
    • Inbound: TCP 3000 from Web Tier CIDR
    • Outbound: TCP 3306 to DB Tier CIDR
  3. DB Tier Security Group:
    • Inbound: TCP 3306 from App Tier CIDR
    • Outbound: least privilege

6. Cautions and Constraints

6.1 Cautions When Configuring Security Rules

  • CIDR: 0.0.0.0/0 allows every IP address, so use it with care from a security standpoint
  • Port range: FromPort ≤ ToPort must hold
  • Port settings per protocol:
    • TCP/UDP: use the range 1~65535
    • ICMP/ALL: use -1 (no concept of ports)
  • Duplicate rules: behavior when the same rule is added twice can differ by CSP
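
The constraints in 1.2 and 6.1 can be checked before a rule list is sent to the API. The following Python is an added example, not CB-Spider's own validation: it reports constraint violations as errors and world-open inbound rules and duplicates as warnings. The PUBLIC_OK_PORTS allow-list and the case-insensitive duplicate comparison are assumptions of the example, and the sample rules are constructed.

```python
import ipaddress

FIELDS = ("Direction", "IPProtocol", "FromPort", "ToPort", "CIDR")
PUBLIC_OK_PORTS = {80, 443}  # assumption: only HTTP/HTTPS may be world-open (5.1)

def lint_rule(rule):
    """Return (errors, warnings) for one SecurityRuleInfo dict."""
    errors, warnings = [], []
    direction = str(rule.get("Direction", "")).lower()
    proto = str(rule.get("IPProtocol", "")).upper()
    if direction not in ("inbound", "outbound"):
        errors.append("Direction must be inbound or outbound")
    if proto not in ("ALL", "TCP", "UDP", "ICMP"):
        errors.append("IPProtocol must be ALL, TCP, UDP or ICMP")
    try:
        lo, hi = int(rule.get("FromPort")), int(rule.get("ToPort"))
    except (TypeError, ValueError):
        errors.append("FromPort/ToPort must be integers")
    else:
        if proto in ("ALL", "ICMP") and (lo, hi) != (-1, -1):
            errors.append("ICMP/ALL rules must use -1 for both ports")
        elif proto in ("TCP", "UDP") and not 1 <= lo <= hi <= 65535:
            errors.append("TCP/UDP needs 1 <= FromPort <= ToPort <= 65535")
    try:
        ipaddress.ip_network(str(rule.get("CIDR", "")), strict=False)
    except ValueError:
        errors.append("CIDR is not valid CIDR notation")
    if not errors and direction == "inbound" and rule["CIDR"] in ("0.0.0.0/0", "::/0"):
        if proto in ("ALL", "ICMP") or not set(range(lo, hi + 1)) <= PUBLIC_OK_PORTS:
            warnings.append("inbound rule is open to every address")
    return errors, warnings

def lint_rules(rules):  # returns (index, level, message) tuples for a rule array
    findings, seen = [], {}
    for i, rule in enumerate(rules):
        errors, warnings = lint_rule(rule)
        findings += [(i, "error", m) for m in errors] + [(i, "warning", m) for m in warnings]
        key = tuple(str(rule.get(f, "")).lower() for f in FIELDS)  # duplicate check (6.1)
        if key in seen:
            findings.append((i, "warning", f"duplicate of rule {seen[key]}"))
        seen.setdefault(key, i)
    return findings

SAMPLE = [dict(zip(FIELDS, t)) for t in (  # constructed input
    ("inbound", "TCP", "22", "22", "0.0.0.0/0"),      # world-open SSH
    ("inbound", "TCP", "8080", "80", "10.0.0.0/16"),  # FromPort > ToPort
    ("inbound", "ICMP", "8", "8", "10.0.0.0/16"),     # ICMP must use -1
    ("inbound", "TCP", "22", "22", "0.0.0.0/0"),      # repeats rule 0
)]
```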

6.2 Security Group Deletion

  • A Security Group that is attached to a VM cannot be deleted
  • Forced deletion (force=true) may change the Security Group settings of the attached VMs (caution!)
  • The default Security Group cannot be deleted (CSP policy)

6.3 Time for Security Rule Changes to Take Effect

  • Time until a change actually takes effect after calling AddRules()/RemoveRules():
    • Typical: 7~10 seconds
    • Azure: 60~80 seconds (a long wait is required)
  • Testing immediately after a rule change may still see the previous rules applied, so wait long enough
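
One way to verify a rule change without testing too early is to poll until the expected result holds steadily. The following Python is an added example, not part of CB-Spider: the settle times come from the figures above, while the 2x margin, the requirement of three consecutive matching probes and all function names are assumptions of the example.

```python
import socket
import time

# Upper bounds from section 6.3, in seconds. Only Azure is singled out on the
# page, so every other CSP name falls back to the "typical" figure.
SETTLE_SECONDS = {"azure": 80}
DEFAULT_SETTLE = 10

def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def wait_for_rule(probe, expect_open, csp, stable=3, interval=2.0, margin=2.0,
                  clock=time.monotonic, sleep=time.sleep):
    """Poll probe() until it returns expect_open `stable` times in a row.
    Gives up after margin x the settle time for the CSP.
    Returns (ok, seconds_waited)."""
    budget = SETTLE_SECONDS.get(csp.lower(), DEFAULT_SETTLE) * margin
    start, streak = clock(), 0
    while True:
        # A single matching probe can be a stale or flapping result, so count a streak.
        streak = streak + 1 if probe() == expect_open else 0
        waited = clock() - start
        if streak >= stable:
            return True, waited
        if waited >= budget:
            return False, waited
        sleep(interval)

if __name__ == "__main__":
    # Constructed run: the port still answers twice after RemoveRules(), then closes.
    answers = iter([True, True, False, False, False])
    print(wait_for_rule(lambda: next(answers), False, "aws", interval=0.01))
```

In real use, pass a probe such as `lambda: tcp_open(vm_address, 3306)` from a host inside the CIDR the rule covers, with `expect_open=True` after AddRules() and `False` after RemoveRules().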

6.4 Protocols and Ports

  • ALL protocol: means all traffic; set the ports to -1
  • ICMP protocol: a network-layer protocol with no concept of ports; set the ports to -1

7. References