Cisco Defense Orchestrator

Manage Security Group Rules

Edit a Security Group Rule

Use this procedure to edit an access control rule for an AWS VPC using CDO:

  1. Open the Devices & Services page.
  2. Select the AWS VPC whose access control policy you want to edit.
  3. In the Management pane on the right, select Policy.
  4. To edit an existing security group rule, select the rule and click the edit icon in the Actions pane. (Simple edits may also be performed inline without entering edit mode.) See AWS VPC Security Group Rules for rule limitations and exceptions.
  5. Click Save.
  6. Review and deploy the changes you made now, or wait and deploy multiple changes at once.

Caution: If the deployment fails, CDO attempts to return the state of the AWS VPC to what it was before you made the deployment attempt. This is done on a "best effort" basis. Because AWS doesn't maintain a state, this rollback attempt could fail. In that case, you will have to log in to the AWS management console and manually return the AWS VPC to its previous configuration and then poll for changes between the AWS VPC device configuration and the configuration in CDO. 

Delete a Security Group Rule

  1. Open the Devices & Services page.
  2. Select the AWS VPC whose access control policy you want to edit. 
  3. In the Management pane on the right, select Policy.
  4. To delete a security group rule you no longer need, select the rule and click the remove icon in the Actions pane.
  5. Review and deploy the changes you made now, or wait and deploy multiple changes at once.

Caution: If the deployment fails, CDO attempts to return the state of the AWS VPC to what it was before you made the deployment attempt. This is done on a "best effort" basis. Because AWS doesn't maintain a "state," this rollback attempt could fail. In that case, you will have to log in to the AWS management console and manually return the AWS VPC to its previous configuration and then poll for changes between the AWS VPC device configuration and the configuration in CDO. 
