Security groups

Network rules for cloud-backed Worker Nodes (for example AWS security groups).

Written By Zoro

Last updated 3 days ago

Security groups in dFlow are firewall-style inbound and outbound rules attached to cloud provider accounts, used when you create or manage Worker Nodes in that cloud (for example AWS).

They are not a substitute for host firewalls or private networking; they are the cloud-side rules dFlow can configure or select when provisioning infrastructure.

Where to manage them

  1. Open your Organisation in the dashboard.
  2. Go to Security.
  3. Open the Security Groups tab (`?tab=security-groups` in the URL when that tab is active).

You need securityGroups (and usually cloudProviderAccounts) permissions on your role. See Roles and permissions.

Create or edit

  1. Choose Add security group or edit an existing row.
  2. Set name and description.
  3. Pick the cloud provider (for example AWS) and the linked cloud provider account. See Cloud provider accounts and AWS integration, both under Integrations in the sidebar.

Inbound rules

Each rule defines allowed incoming traffic (for example SSH, HTTP, HTTPS, or Custom ports).

  • Prefer SSH from known CIDRs, a VPN, or My IP rather than the whole internet.
  • Opening SSH to 0.0.0.0/0 is convenient but risky; use it only with a clear threat model.

Outbound rules

Outbound rules define what the instance may reach (for example HTTPS for package pulls, or All traffic only if your policy allows).

Delete

Remove a group when no Worker Nodes or flows depend on it. Follow any in-product warnings about active use.
