Updated on 2022-12-08 GMT+08:00

How Do I Select and Configure a Security Group?

DDM uses VPCs and security groups to ensure the security of your instances. The following describes how to configure a security group correctly.

Intra-VPC Access to DDM Instances

Access to a DDM instance involves two network paths: access to the DDM instance from the ECS where a client is located, and access from the DDM instance to its associated RDS MySQL DB instance.

The ECS, DDM instance, and RDS MySQL DB instance must be in the same VPC. In addition, correct rules should be configured for their security groups to allow network access.

  1. You are advised to configure the same security group for the ECS, DDM instance, and RDS MySQL DB instance. After a security group is created, network access in the group is not restricted by default.
  2. If different security groups are configured, you may need to refer to the following configurations:
    • Assume that the ECS, DDM instance, and RDS MySQL DB instance are configured with security groups sg-ECS, sg-DDM, and sg-RDS, respectively.
    • Assume that the service port of the DDM instance is 5066 and that of the RDS MySQL DB instance is 3306.
    • The remote end should be a security group or an IP address.

    Add the rules in Figure 1 to the security group of the ECS to ensure that your client can access the DDM instance.

    Figure 1 ECS security group rules

    Add the rules in Figure 2 and Figure 3 to the security group of your DDM instance so that your DDM instance can access the associated RDS MySQL DB instance and can be accessed by your client.

    Figure 2 Configuring security group inbound rules for your DDM instance
    Figure 3 Configuring security group outbound rules for your DDM instance

    Add the rules in Figure 4 to the security group of the RDS MySQL DB instance so that your DDM instance can access the RDS DB instance.

    Figure 4 Configuring security group rules of the RDS MySQL DB instance
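
The following is an added example, not part of the original documentation: a small Python check of the rule set that the text implies for sg-ECS, sg-DDM, and sg-RDS with ports 5066 and 3306. The figure contents are not reproduced on this page, so the rules below are inferred from the text, and the Rule structure is a hypothetical model, not a cloud API format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    group: str      # security group the rule is attached to
    direction: str  # "ingress" or "egress"
    port: int       # TCP port
    remote: str     # remote end: a security group name or a CIDR

# Constructed rule set inferred from the text (assumption, figures not shown).
RULES = [
    Rule("sg-ECS", "egress", 5066, "sg-DDM"),   # client -> DDM
    Rule("sg-DDM", "ingress", 5066, "sg-ECS"),  # DDM accepts the client
    Rule("sg-DDM", "egress", 3306, "sg-RDS"),   # DDM -> RDS MySQL
    Rule("sg-RDS", "ingress", 3306, "sg-DDM"),  # RDS accepts DDM
]
REQUIRED = [("sg-ECS", "sg-DDM", 5066), ("sg-DDM", "sg-RDS", 3306)]
OPEN_REMOTES = {"0.0.0.0/0", "::/0"}

def _matches(rule, group, direction, port, peer):
    return (rule.group == group and rule.direction == direction
            and rule.port == port
            and (rule.remote == peer or rule.remote in OPEN_REMOTES))

def path_allowed(rules, src, dst, port):
    """A new connection needs egress on the source group and ingress on the destination group."""
    out_ok = any(_matches(r, src, "egress", port, dst) for r in rules)
    in_ok = any(_matches(r, dst, "ingress", port, src) for r in rules)
    return out_ok and in_ok

def audit(rules):
    """Report required paths that are blocked and ingress rules open to any address."""
    findings = []
    for src, dst, port in REQUIRED:
        if not path_allowed(rules, src, dst, port):
            findings.append(f"blocked: {src} -> {dst}:{port}")
    for r in rules:
        if r.direction == "ingress" and r.remote in OPEN_REMOTES:
            findings.append(f"open to any address: {r.group} ingress {r.port}")
    return findings

if __name__ == "__main__":
    print(audit(RULES) or "all required paths allowed, no open ingress")
```

With this rule set the client reaches the RDS MySQL DB instance only through the DDM instance: `path_allowed(RULES, "sg-ECS", "sg-RDS", 3306)` is false.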