Ingress rules allow IP ranges to connect with a virtual machine. To create a Ingress rule you will need to supply the port range (start port and end port) and the CIDR address to authorize. Optionally, an IP address may be supplied for the rule instead of a CIDR and a default mask of x.x.x.x/32 will be applied to the IP address. You may additionally provide a description for the rule.

Each rule is comprised of three elements:

• protocol (TCP, UDP or ICMP)
• port or port range (from 1 to 65,535)
• IP address or address range

Click on the up/down arrows to expand the available options in each category.  Highlight the protocol option and then the access option.  To make this step easier, the most common protocols and access choices are already defined.  If, for example, you need SSH access from everywhere, just select "SSH" from the protocol list and "Global Access" from the access list.  Add a meaningful description to help describe what this rule does.

If you are creating a custom rule, complete the form with the appropriate information.  If, for example, you require a range of contiguous ports, add the beginning port in the "Start Port" field and ending port in the "End Port" field.

When you create the ingress rule, it will then appear in your security group browser view.