Step 3: Set a Security Group
Scenarios
This section describes how to add security group rules to control inbound and outbound access for DDS DB instances associated with a security group.
Precautions
The default security group rule allows all outgoing data packets. ECSs and DDS DB instances in the same security group can access each other. After a security group is created, you can create different rules for that security group, which allows you to control access to the DB instances that are in it.
To access a DB instance in a security group from a source outside of that group, you need to create an inbound rule.
For details about the constraints on using security groups, see Security Group Overview.
Procedure
- On the Instance Management page, click the target replica set instance.
- In the navigation pane on the left, choose Connections.
- In the Security Group area, on the Inbound Rules tab, click Add Rule. In the displayed Add Inbound Rule dialog box, set required parameters to add inbound rules. On the Outbound Rules tab, click Add Rule. In the displayed Add Outbound Rule dialog box, set required parameters to add outbound rules.
You can click the icon to add more rules.
Figure 1 Add Inbound Rule
Figure 2 Add Outbound Rule
- Add a security group rule as prompted.
Table 1 Parameter description

| Parameter | Description | Value Example |
| --- | --- | --- |
| Protocol | The network protocol required for access. You can allow all protocols or specify one: TCP, UDP, ICMP, or SSH. | TCP |
| Port | Specifies the port over which access to ECSs or external devices is allowed. Common ports are listed in Common Ports Used by ECSs. | 8635 |
| Source/Destination | Specifies the supported IP address or security group that the rule applies to. IP address: the IP address or subnet that the rule applies to; single IP addresses must be expressed using slash notation (single IP address: xxx.xxx.xxx.xxx/32 (IPv4); subnet: xxx.xxx.xxx.0/24; all IP addresses: 0.0.0.0/0). Security group: a security group that access will be allowed from; ECSs in this security group will be granted access to DDS instances in the current security group. | 192.168.10.0/24; default |
- Click OK.
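The following check is an added example, not part of the original page or of any Huawei Cloud tooling: it reviews planned inbound rules, written with the Protocol, Port and Source fields from Table 1, before they are entered in the Add Inbound Rule dialog box. The rule dictionaries, the `check_rule` and `audit` names, the use of "All" for all protocols and `None` for all ports are assumptions made for illustration.

```python
import ipaddress

DDS_PORT = 8635  # port value example from Table 1

# Constructed sample rules; not exported from a real console.
SAMPLE_RULES = [
    {"protocol": "TCP", "port": 8635, "source": "192.168.10.0/24"},
    {"protocol": "TCP", "port": 8635, "source": "203.0.113.7"},      # no /32
    {"protocol": "TCP", "port": 8635, "source": "0.0.0.0/0"},        # all addresses
    {"protocol": "TCP", "port": 8635, "source": "192.168.10.5/24"},  # host bits set
    {"protocol": "TCP", "port": 8635, "source": "default"},          # security group
    {"protocol": "All", "port": None, "source": "10.0.0.0/8"},
]


def check_rule(rule, known_groups=("default",)):
    """Return findings for one inbound rule; an empty list means none."""
    src = rule["source"]
    if src in known_groups:
        return []  # source is a security group name, not an address
    if "/" not in src:
        try:
            ipaddress.ip_address(src)
        except ValueError:
            return [f"unknown security group or invalid address: {src}"]
        return [f"single IP must use slash notation: {src}/32"]
    try:
        net = ipaddress.ip_network(src, strict=False)
    except ValueError:
        return [f"invalid CIDR: {src}"]
    findings = []
    if ipaddress.ip_interface(src).ip != net.network_address:
        findings.append(f"host bits set, rule actually covers {net}")
    # Assumption: protocol "All" or port None means every port is allowed.
    exposes_db = rule["protocol"] == "All" or rule["port"] in (None, DDS_PORT)
    if net.prefixlen == 0 and exposes_db:
        findings.append("database port reachable from all IP addresses")
    return findings


def audit(rules):
    """Map rule index -> findings, for rules that have any."""
    return {i: f for i, r in enumerate(rules) if (f := check_rule(r))}


if __name__ == "__main__":
    for index, findings in audit(SAMPLE_RULES).items():
        print(index, SAMPLE_RULES[index]["source"], findings)
```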