If you need to make the ECS instances under three VSwitches (inside the same Alibaba Cloud VPC) unable to access each other, while not affecting other Intranet connections in this VPC, what should you do?
A. Create three Security Groups, each containing all ECS instances under these three VSwitches. First, configure each Security Group to allow access to all CIDR Blocks. Then, configure each Security Group to forbid access to the CIDR blocks of the other two VSwitches (with this rule given higher priority than the previous rule).
B. Create three Security Groups, each containing all ECS instances under these three VSwitches. First, configure each Security Group to allow access to all CIDR Blocks. Then, configure each Security Group to forbid access to the CIDR blocks of the other two VSwitches (with this rule given a lower priority than the previous rule).
C. Create one Security Group containing all ECS instances under these three VSwitches. First, configure the Security Group to allow access to all CIDR Blocks. Then, configure the Security Group to forbid access to the CIDR blocks of the other two VSwitches (with this rule given higher priority than the previous rule).
To isolate ECS instances within different VSwitches in a VPC while allowing them to access the internet and other intranet resources, each VSwitch's instances should be in separate Security Groups. By configuring each group to allow all VPC CIDR blocks first and then restricting access to other VSwitch CIDR blocks with a higher priority rule, instances in each VSwitch are isolated without affecting the VPC's external connections. This approach follows Alibaba Cloud's Security Group best practices and CIDR-based access control within VPC environments.