Cisco Defense Orchestrator

AWS VPCs and Security Groups in CDO

How are Security Groups Managed in CDO?

The Amazon Web Services (AWS) console does not have the concept of objects; instead, a security group is a collection of rules associated with a set of entities within a Virtual Private Cloud (VPC). When you onboard an AWS VPC to CDO, these security groups and instances are translated into cloud security group objects. This does not change how the rules that originate from the AWS console are executed, but once the VPC is onboarded to CDO you can use other CDO objects to get more out of your security groups.

AWS EC2 instances are launched into a VPC and can be associated with a security group from the AWS console.

When you create a security group rule in CDO, you must use a cloud security group object as either the source or the destination of the traffic. See AWS VPC Security Group Rules for more information about which objects an AWS VPC can use.
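The following is an added example, not code from Cisco or CDO, that shows the "collection of rules associated with entities" model described above using the JSON shape the AWS CLI returns from `aws ec2 describe-security-groups`. Every security group in that output is a list of `IpPermissions`, and each permission names its source either as a CIDR block (`IpRanges`) or as another security group (`UserIdGroupPairs`); the latter are the entity-to-entity references that CDO represents with cloud security group objects. The group ids, VPC id and CIDRs in the sample are constructed placeholders, and the function names are this example's own.

```python
"""Flatten AWS security group rules (describe-security-groups JSON) into one
record per (group, source) pair and pick out rules a reviewer would check."""
import json

# Constructed sample output: two security groups in one VPC. All ids and
# addresses are made-up placeholders, not values from a real account.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0aaa0000000000001",
            "GroupName": "web-tier",
            "VpcId": "vpc-0bbb0000000000001",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
                 "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupId": "sg-0aaa0000000000002",
            "GroupName": "db-tier",
            "VpcId": "vpc-0bbb0000000000001",
            "IpPermissions": [
                # Source is another security group, not an address range.
                {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                 "IpRanges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0aaa0000000000001"}]},
            ],
        },
    ]
})


def flatten_rules(describe_json: str):
    """Expand nested describe-security-groups output into flat rule records.

    Each record names the owning group, protocol, port range and a source that
    is either a CIDR or a security group id. IpProtocol "-1" (all traffic)
    carries no FromPort/ToPort, so those are read with .get().
    """
    rules = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            base = {"group": sg["GroupName"], "group_id": sg["GroupId"],
                    "vpc": sg["VpcId"], "proto": perm["IpProtocol"], "ports": ports}
            for ip_range in perm.get("IpRanges", []):
                rules.append({**base, "source_kind": "cidr",
                              "source": ip_range["CidrIp"]})
            for ip6_range in perm.get("Ipv6Ranges", []):
                rules.append({**base, "source_kind": "cidr",
                              "source": ip6_range["CidrIpv6"]})
            for pair in perm.get("UserIdGroupPairs", []):
                rules.append({**base, "source_kind": "security_group",
                              "source": pair["GroupId"]})
    return rules


def world_open_rules(rules):
    """Inbound rules whose source is the entire IPv4 or IPv6 internet."""
    return [r for r in rules
            if r["source_kind"] == "cidr" and r["source"] in ("0.0.0.0/0", "::/0")]


def group_references(rules):
    """Rules whose source is another security group (entity-to-entity rules)."""
    return [r for r in rules if r["source_kind"] == "security_group"]


if __name__ == "__main__":
    flat = flatten_rules(SAMPLE_DESCRIBE_OUTPUT)
    for rule in flat:
        print(rule)
    print("open to the world:", [(r["group"], r["ports"]) for r in world_open_rules(flat)])
    print("group-to-group:", [(r["group"], r["source"]) for r in group_references(flat)])
```

Running it against real output is a matter of replacing the constructed sample with the text of `aws ec2 describe-security-groups --output json`; the two filters then give a quick inventory of which rules admit the whole internet and which ones reference other groups, the latter being the references that have to exist as cloud security group objects when the VPC is managed from CDO.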

Note: You cannot create either an AWS EC2 instance or a security group in CDO; you must create both entities in the AWS console.
