Create the internal security group
Each cluster requires a security group for its internal network interfaces. This group limits internal traffic to the internal network interfaces of the cluster nodes only.
aws ec2 create-security-group --vpc-id <aws_vpc_id> --group-name <cluster_name>-internal-sg --region <aws_region> --tag-specifications "ResourceType=security-group,Tags=[{Key=cluster-name,Value=<cluster_name>}]" --description "Internal security group for OneFS cluster <cluster_name>"
The following example creates the internal security group. Record the GroupId from the output; the rule commands below use it as <internal_sg_id>.
> aws ec2 create-security-group --vpc-id vpc-06639db65d7446720 --group-name vonefs-cfv-internal-sg --region us-east-1 --tag-specifications "ResourceType=security-group,Tags=[{Key=cluster-name,Value=vonefs-cfv}]" --description "Internal security group for OneFS cluster vonefs-cfv"
Command output example:
{
    "GroupId": "sg-07f220483ab7e3bf7",
    "Tags": [
        {
            "Key": "cluster-name",
            "Value": "vonefs-cfv"
        }
    ]
}
Create ingress rules:
aws ec2 authorize-security-group-ingress --group-id <internal_sg_id> --source-group <internal_sg_id> --protocol all --region <aws_region> --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=cluster-name,Value=<cluster_name>}]"
Create egress rules:
aws ec2 authorize-security-group-egress --group-id <internal_sg_id> --source-group <internal_sg_id> --protocol all --region <aws_region> --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=cluster-name,Value=<cluster_name>}]"
The following example creates the ingress rule and the egress rule:
> aws ec2 authorize-security-group-ingress --group-id sg-07f220483ab7e3bf7 --source-group sg-07f220483ab7e3bf7 --protocol all --region us-east-1 --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=cluster-name,Value=vonefs-cfv}]"
> aws ec2 authorize-security-group-egress --group-id sg-07f220483ab7e3bf7 --source-group sg-07f220483ab7e3bf7 --protocol all --region us-east-1 --tag-specifications "ResourceType=security-group-rule,Tags=[{Key=cluster-name,Value=vonefs-cfv}]"
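To confirm that the finished group really is internal-only, the following added example (not part of the original guide) audits `aws ec2 describe-security-groups` output and reports every rule whose peer is anything other than the group itself, such as the allow-all outbound rule that AWS adds to a new VPC security group by default. The function name `non_internal_rules` and the embedded sample JSON are constructed for illustration.

```python
import json
import sys
from pathlib import Path

# Constructed sample of `aws ec2 describe-security-groups` output for the page's
# example group: the self-referencing rules plus the allow-all egress rule that
# AWS adds to every new VPC security group.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-07f220483ab7e3bf7",
  "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
     "UserIdGroupPairs": [{"GroupId": "sg-07f220483ab7e3bf7"}]}],
  "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "PrefixListIds": [], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
     "UserIdGroupPairs": [{"GroupId": "sg-07f220483ab7e3bf7"}]}]
}]}
""")


def non_internal_rules(doc):
    """Return (group_id, direction, peer) for every rule whose peer is not the group itself."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        gid = sg["GroupId"]
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                peers = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                peers += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                peers += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
                peers += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])
                          if g.get("GroupId") != gid]  # other groups count as external
                findings += [(gid, direction, peer) for peer in peers]
    return findings


if __name__ == "__main__":
    # With a file argument, audit saved CLI output; otherwise audit the sample.
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    findings = non_internal_rules(doc)
    for gid, direction, peer in findings:
        print(f"{gid}: {direction} rule allows {peer}")
    sys.exit(1 if findings else 0)
```

Save the output of `aws ec2 describe-security-groups --group-ids <internal_sg_id> --region <aws_region>` to a file and pass its path as the first argument; the script exits non-zero when any non-internal rule is present.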