tencent cloud

Virtual Private Cloud

Release Notes and Announcements
Release Notes
Announcements
Tencent Cloud Network Overview
Product Introduction
Overview
Strengths
Use Cases
Concepts
Quota Limit
Service Regions and Service Providers
Purchase Guide
Billing Overview
Payment Overdue
Quick Start
Network Planning
VPC Connections
Building Up an IPv4 VPC
Operation Guide
Network Topology
Network performance dashboard
Virtual Private Cloud (VPC)
Subnets
Route Tables
Elastic IP
HAVIPs
Elastic Network Interface
Bandwidth Package
Network Connection
Security Management
Diagnostic Tools
Alarming and Monitoring
Practical Tutorial
View the Total Bandwidth for Single-Region Traffic-Based Billing
Migrating from the Classic Network to VPC
Best Practices of Security Group Change
Configuring CVM Instance as Public Gateway
Building HA Primary/Secondary Cluster with HAVIP + Keepalived
Hybrid Cloud Primary/Secondary Communication (DC and VPN)
Hybrid Cloud Primary/Secondary Communication (CCN and VPN)
CVM Access to Internet Through EIP
Troubleshooting
VPCs or Subnets Cannot Be Deleted
Network Disconnection After Connecting Two VPCs over CCN
Failed to Ping CVMs in the Same VPC
API Documentation
History
Introduction
API Category
Making API Requests
VPC APIs
Route Table APIs
Elastic Public IP APIs
Elastic IPv6 APIs
Highly Available Virtual IP APIs
ENI APIs
Bandwidth Package APIs
NAT Gateway APIs
Direct Connect Gateway APIs
Cloud Connect Network APIs
Network ACL APIs
Network Parameter Template APIs
Network Detection-Related APIs
Flow Log APIs
Gateway Traffic Monitor APIs
Private Link APIs
Traffic Mirroring APIs
Other APIs
Subnet APIs
VPN Gateway APIs
Security Group APIs
Snapshot Policy APIs
Error Codes
Data Types
FAQs
General
Connection
Security
Contact Us
Glossary
DocumentationVirtual Private CloudOperation GuideElastic Network InterfaceConfiguring a Security Group for an ENI

Configuring a Security Group for an ENI

PDF
Focus Mode
Font Size
Last updated: 2026-03-30 10:24:42
One or more security groups can be bound to a secondary Elastic Network Interface (ENI) to implement access control for the inbound and outbound traffic of the ENI. After creating a secondary ENI, you need to bind security groups to the ENI based on actual business requirements, and the security groups that are the same as or different from those of Cloud Virtual Machine (CVM) instances can be bound. If no security groups are bound to your ENI, the ENI allows all traffic by default.
This document describes how to bind and unbind a security group to and from an ENI.
Note:
Before binding or unbinding a security group, please ensure the security group rule meet your business requirements to avoid network interruptions caused by the non-compliant security group rule.

Prerequisites

A security group has been created. For details, see Creating a Security Group.

Operation Steps

Binding a Security Group

1. Log in to the ENI console.
2. Click the ID of the ENI to which you want to bind a security group.
3. On the Bind Security Group tab of the details page, click Configure.

4. In the Configure Security Group dialog box, select the security group prepared in advance and click OK to complete the binding operation. If multiple security groups are bound, the one at the top of the list has the highest priority and is matched first.


Unbinding a Security Group

Note:
One security group must be bound to the primary ENI. If the primary ENI has only one security group, the security group cannot be unbound.
It is recommended that a secondary ENI have at least one security group.
1. Log in to the ENI console.
2. Click the ID of the ENI from which you want to unbind a security group.
3. On the Associate Security Group tab of the details page, click Unbind in the Operation column of the security group to be unbound.

4. In the displayed dialog box, click OK.
Previous Topic: Creating and Managing an ENINext Topic: Binding an ENI

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback