Deze pagina is nog niet beschikbaar in uw eigen taal. We werken er hard aan om meer taalversies toe te voegen. Bedankt voor uw steun.
- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Usage Rules
- Billing Management
- Data Migration
- Instance Lifecycle Management
- Instance Modifications
- Read Replicas
- Database Management
- Account Management (Non-Administrator)
- Data Security
- Data Backups
- Data Restorations
- Connection Management
-
Parameter Template Management
- Creating a Parameter Template
- Modifying a Parameter Template
- Exporting Parameters
- Comparing Parameter Templates
- Viewing Parameter Change History
- Replicating a Parameter Template
- Resetting a Parameter Template
- Applying a Parameter Template
- Viewing Application Records of a Parameter Template
- Editing a Parameter Template Description
- Deleting a Parameter Template
- Metrics and Alarms
- Interconnection with CTS
- Log Management
- Task Center
- Managing Tags
- Managing Quotas
- Change History
- Best Practices
- Performance White Paper
- Security White Paper
- SDK Reference
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs (Recommended)
- DB Engine Version Queries
- Database Specification Queries
-
Instance Management
- Creating a DB Instance
- Querying DB Instances
- Rebooting a DB Instance
- Deleting a DB Instance
- Querying Details of a DB Instance
- Querying Details of DB Instances in Batches
- Creating a Read Replica
- Deleting a Read Replica
- Scaling up Storage of a Yearly/Monthly DB Instance
- Changing a DB Instance Name
- Resetting a Database Password
- Changing DB Instance Specifications
- Querying Dedicated Resource Pools
- Querying Dedicated Resources
- Configuring the Monitoring By Seconds Function
- Querying the Configuration of Monitoring by Seconds
- Enabling or Disabling SSL
- Binding an EIP
- Unbinding an EIP
- Promoting a Read Replica to Primary
- Changing a Maintenance Window
- Modifying a Security Group
- Changing a Private IP Address
- Changing a Database Port
- Changing a DB Instance Description
- Backup Management
- Parameter Template Management
- Quota Management
- Log Management
- Tag Management
- Database User Management
- Database Management
- SQL Statement Concurrency Control
- Task Center
- APIs (Unavailable Soon)
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
FAQs
- Product Consulting
-
Database Connections
- Can an External Server Access the GaussDB(for MySQL) Database?
- What Do I Do If the Number of GaussDB(for MySQL) Database Connections Reaches the Upper Limit?
- What Is the Maximum Number of Connections to a GaussDB(for MySQL) Instance?
- What Should I Do If an ECS Cannot Connect to a GaussDB(for MySQL) Instance?
- How Can I Connect to a MySQL Database Through JDBC?
- How Can I Create and Connect to an ECS?
- What Should I Do If a Database Client Problem Causes a Connection Failure?
- Why Cannot I Ping My EIP After It Is Bound to a DB Instance?
- What Can I Do If the Connection Test Failed?
- Can I Access a GaussDB(for MySQL) Instance over an Intranet Connection Across Regions?
- Are There Any Potential Risks If There Are Too Many Connections to a GaussDB(for MySQL) Instance?
- What Should I Do If an ECS and a GaussDB(for MySQL) instance Deployed in Different VPCs Cannot Communicate with Each Other?
- How Do I View All IP Addresses Connected to a Database?
- Client Installation
- Database Migration
- Database Permissions
-
Database Performance
- What Should I Do If the CPU Usage of My Instance Is High?
- How Do I Handle Slow SQL Statements Caused by Inappropriate Composite Index Settings?
- How Do I Handle a Large Number of Temporary Tables Being Generated for Long Transactions and High Memory Usage?
- What Should I Do If Locks on Long Transactions Block the Execution of Subsequent Transactions?
- Database Usage
- Backups
-
Database Parameter Modification
- How Can I Change the Time Zone?
- How Do I Configure a Password Expiration Policy for GaussDB(for MySQL) Instances?
- How Do I Ensure that the Database Character Set of a GaussDB(for MySQL) Instance Is Correct?
- How Do I Use the utf8mb4 Character Set to Store Emojis in a GaussDB(for MySQL) Instance?
- How Do I Set Case Sensitivity for GaussDB(for MySQL) Table Names?
- Can I Use SQL Commands to Modify Global Parameters?
-
Network Security
- What Security Assurance Measures Does GaussDB(for MySQL) Have?
- How Can I Prevent Untrusted Source IP Addresses from Accessing GaussDB(for MySQL)?
- How Do I Configure a Security Group to Enable Access to a GaussDB(for MySQL) Instance?
- How Can I Import the Root Certificate to a Windows or Linux Server?
- How Do I Manage and Ensure GaussDB(for MySQL) Security?
- Log Management
- Version Upgrade
- Change History
-
Troubleshooting
-
Backup and Restoration Issues
- Insufficient Permissions During Data Export Using mysqldump
- How Do I use mysqlbinlog to Obtain Binlog Files?
- Canal Fails to Parse Binlogs
- Precautions for Exporting Large Tables Through mysqldump
- Commands for Exporting Data Through mysqldump
- System Inaccessible After Field Addition to a Database Table
- SQL Statements Such as SET @@SESSION.SQL_LOG_BIN Displayed After You Run mysqldump
- Insufficient Permissions Reported for Canal
-
Connection Issues
- Login Failed After ssl_type of root Is Changed to ANY
- Failed to Connect to a DB Instance Using SSL
- Description of Each IP Address
- SSL Connection Failed Due to Inconsistent TLS Versions
- Error Message "connection established slowly"
- "Access denied" Displayed During Database Connection
- Failed to Connect to a Database Using mariadb-connector in SSL Mode
- Failed to Connect to a Database as User root
- Client Automatically Disconnected from a DB Instance
- Disconnection Occurs Every 45 Days Due to the istio-citadel Certificate Mechanism
-
SQL Issues
- Invalid TIMESTAMP Default Value during Table Creation
- Failed to Change the VARCHAR Length Due to the Index Length Limit
- Slow SQL Queries After a Large Amount of Data Is Deleted from a Large Table
- Error 1366 Reported When Data Containing Emojis Is Updated
- Slow Stored Procedure Execution Due to Inconsistent Collations
- ERROR [1412] Reported for a DB Instance
- Failed to Delete a Table with a Foreign Key
- Incorrect GROUP_CONCAT Results
- Error Message "Too many keys specified" Displayed When a Secondary Index Is Created
- DISTINCT and GROUP BY Optimization
- Equivalent Comparison Failures with Floating-Point Numbers
- Tablespace Bloat
- ERROR 1396 Reported When a User Is Created
- Error Message Reported When alter table xxx discard/import tablespace Is Executed
- Native Error 1461 Reported by a DB Instance
- "Row size too large" Reported When a Table Failed to Be Created
- Parameter-related Issues
- Performance Issues
-
Basic Issues
- How Do I View Used Storage of My GaussDB(for MySQL) Instance?
- Renaming Databases and Tables
- Character Set and Collation Settings
- Auto-Increment Field Value Jump
- Starting Value and Increment of AUTO_INCREMENT
- Changing the AUTO_INCREMENT Value of a Table
- Failed to Insert Data Because Values for the Auto-increment Primary Key Field Reach the Upper Limit
- Auto-increment Field Values
- AUTO_INCREMENT Not Displayed in the Table Structure
- Impact of Creating an Empty Username
- No Scanned Rows Recorded in Slow Query Logs
- Change History
-
Backup and Restoration Issues
- Videos
Show all
Configuring Security Group Rules
Scenarios
A security group is a collection of access control rules for ECSs and instances that have the same security requirements and are mutually trusted in a VPC.
To ensure database security and reliability, you need to configure security group rules to allow specific IP addresses and ports to access instances.
When you attempt to access an instance through an EIP, you need to configure an inbound rule for the security group associated with the instance.
Precautions
The default security group rule allows all outbound data packets. If an ECS and an instance are in the same security group, they can access each other. When a security group is created, you can configure security group rules to control access to and from instances associated with that security group.
- By default, you can create up to 500 security group rules.
- Too many security group rules will increase the first packet latency. You are advised to create up to 50 rules for each security group.
- To access an instance from resources outside the security group, you need to configure an inbound rule for the security group associated with the instance.
NOTE:
To ensure data and instance security, use permissions properly. You are advised to use the minimum access permission, change the default database port 3306, and set the accessible IP address to the remote server's address or the remote server's minimum subnet address to control the access scope of the remote server.
If you use 0.0.0.0/0, all IP addresses can access instances associated with the security group.
Procedure
- Log in to the management console.
- Click
in the upper left corner and select a region and a project. - Click
in the upper left corner of the page, choose Database > GaussDB(for MySQL). - On the Instances page, click the instance name to go to the Basic Information page.
- Configure security group rules.
In the Network Information area on the Basic Information page, click the security group name next to the Security Group field.
- On the Inbound Rules tab, click Add Rule. In the displayed dialog box, configure required parameters and click OK.
You can click + to add more inbound rules.
Table 1 Inbound rule parameter description Parameter
Description
Example Value
Protocol & Port
Network protocol for which the security group rule takes effect.
- Currently, the value can be All, TCP (All ports), TCP (Custom ports), UDP (All ports), UDP (Custom ports), ICMP, GRE, or others.
- All: indicates all protocol ports are supported.
TCP (Custom ports)
Port: the port over which the traffic can reach your DB instance.
When connecting to the DB instance through a public network, enter the port of the DB instance.
- Individual port: Enter a port, such as 22.
- Consecutive ports: Enter a port range, such as 22-30.
- All ports: Leave it empty or enter 1-65535.
Address
Source of the security group rule. The value can be a security group or an IP address.
xxx.xxx.xxx.xxx/32 (IPv4 address)
xxx.xxx.xxx.0/24 (subnet)
0.0.0.0/0 (any IP address)
0.0.0.0/0
Description
Supplementary information about the security group rule. This parameter is optional.
The description can contain up to 255 characters and cannot contain angle brackets (<>).
-
Operation
You can replicate or delete a security group rule. However, if there is only one security group rule, you cannot delete it.
-
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
