The BGP High-Defense IP service typically does not automatically add the source IP address to the security group. Instead, it acts as a proxy to forward traffic and mitigate DDoS attacks. Users need to manually configure the security group rules to allow traffic from the BGP High-Defense IP address.
For example, if you have a web server protected by BGP High-Defense IP, you would need to add an inbound rule in your security group to allow traffic from the BGP High-Defense IP address to your web server's port (e.g., port 80 for HTTP or port 443 for HTTPS).
In the context of cloud services, you can use Tencent Cloud's Anti-DDoS Pro service, which includes BGP High-Defense IP. With this service, you can manually configure security groups to ensure that only legitimate traffic is allowed through.