From 602721d0036b0d1b3795a6775e773afb9c043c73 Mon Sep 17 00:00:00 2001 From: Jean-Laurent de Morlhon Date: Fri, 8 Jan 2016 16:32:22 +0100 Subject: [PATCH] AWS documentation for security group Signed-off-by: Jean-Laurent de Morlhon --- docs/drivers/aws.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/drivers/aws.md b/docs/drivers/aws.md index 5136325c91..9276b050ec 100644 --- a/docs/drivers/aws.md +++ b/docs/drivers/aws.md @@ -31,7 +31,7 @@ To create the machine instance, specify `--driver amazonec2` and the three requi This example assumes the VPC ID was found in the `a` availability zone. Use the`--amazonec2-zone` flag to specify a zone other than the `a` zone. For example, `--amazonec2-zone c` signifies `us-east1-c`. -### Options +## Options - `--amazonec2-access-key`: **required** Your access key id for the Amazon Web Services API. - `--amazonec2-secret-key`: **required** Your secret access key for the Amazon Web Services API. @@ -55,7 +55,6 @@ This example assumes the VPC ID was found in the `a` availability zone. Use the` - `--amazonec2-private-address-only`: Use the private IP address only. - `--amazonec2-monitoring`: Enable CloudWatch Monitoring. - By default, the Amazon EC2 driver will use a daily image of Ubuntu 14.04 LTS. | Region | AMI ID | @@ -97,3 +96,14 @@ Environment variables and default values: | `--amazonec2-use-private-address` | - | `false` | | `--amazonec2-private-address-only` | - | `false` | | `--amazonec2-monitoring` | - | `false` | + +## Security Group + +Note that a security group will be created and associated to the host. This security group will have the following ports opened inbound : + +- ssh (22/tcp) +- docker (2376/tcp) +- swarm (3376/tcp), only if the node is a swarm master + +If you specify a security group yourself using the `--amazonec2-security-group` flag, the above ports will be checked and opened and the security group modified. +If you want more ports to be opened, like application specific ports, use the aws console and modify the configuration manually.