Updated on 2023-11-21 GMT+08:00

Configuring Security Group Rules

A security group is a collection of access control rules for ECSs and GeminiDB Cassandra instances that have the same security protection requirements and are mutually trusted in a VPC.

To ensure database security and reliability, configure security group rules to allow specific IP addresses and ports to access the GeminiDB Cassandra instances.

This section describes how to configure security group rules when you connect to a GeminiDB Cassandra instance over private and public networks.

Precautions

  • Each account can create up to 500 security group rules by default.
  • Too many security group rules will increase the first packet latency, so a maximum of 50 rules for each security group is recommended.
  • One security group can be associated with only one GeminiDB Cassandra instance.
  • For details about security group rules, see Table 1.
    Table 1 Parameter description

    Scenario: Connecting to an instance over a private network
    Description: Check whether the ECS and GeminiDB Cassandra instance are in the same security group:
    • If yes, no security group rules need to be configured.
    • If no, configure security group rules for each of them separately.
      • GeminiDB Cassandra instance: Configure inbound rules for its security group. For details, see Procedure.
      • ECS: The default security group rule allows all outbound data packets, so you do not need to configure a security rule for the ECS. If not all outbound traffic is allowed in the security group, configure an outbound rule for the ECS.

    Scenario: Connecting to an instance over a public network
    Description: Add inbound rules for the security group associated with the GeminiDB Cassandra instance. For details, see Procedure.

Procedure

  1. Log in to the management console.
  2. In the service list, choose Databases > GeminiDB Cassandra API.
  3. On the Instances page, locate the instance that you want to configure security group rules for and click its name.
  4. Configure security group rules.

    Method 1

    In the Network Information area on the Basic Information page, click the name of the security group.

    Figure 1 Security group

    Method 2

    On the Basic Information page, choose Connections in the navigation pane on the left. In the Security Group area on the right, click the name of the security group. The Security Group page is displayed.

    Figure 2 Security group

  5. Add an inbound rule.

    1. Click the Inbound Rules tab.
      Figure 3 Inbound rules
    2. Click Add Rule. The Add Inbound Rule dialog box is displayed.
      Figure 4 Adding a rule
    3. In the displayed Add Rule dialog box, set required parameters.
      Table 2 Inbound rule settings

      Parameter: Protocol & Port
      Description:
      • Network protocol. Available options are All, TCP, UDP, ICMP, or GRE.
      • Port: The port or port range over which access to the ECS is allowed. Range: 1 to 65535
      Example Value: TCP

      Parameter: Type
      Description: IP address type. This parameter is available only after the IPv6 function is enabled.
      • IPv4
      • IPv6
      Example Value: IPv4

      Parameter: Source
      Description: Source address. It can be a single IP address, an IP address group, or a security group, allowing access from that IP address or from instances in that security group. Example:
      • Single IP address: xxx.xxx.xxx.xxx/32 (IPv4)
      • Subnet: xxx.xxx.xxx.0/24
      • All IP addresses: 0.0.0.0/0
      • Security group: sg-abc
      Example Value: 0.0.0.0/0

      Parameter: Description
      Description: (Optional) Provides supplementary information about the security group rule. The description can contain up to 255 characters and cannot contain angle brackets (<>).
      Example Value: -

  6. Click OK.
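
The following Python script is an added example, not part of the original documentation or of any Huawei Cloud tooling. It reviews a planned set of inbound rules against the constraints stated on this page: the Table 2 field limits, the recommended maximum of 50 rules per security group, and the guidance to allow only specific IP addresses. The rule dictionary layout, the function names and the sample rules are assumptions made for illustration.

```python
import ipaddress

PROTOCOLS = {"All", "TCP", "UDP", "ICMP", "GRE"}  # options listed in Table 2
MAX_RECOMMENDED_RULES = 50                        # per security group, from Precautions

def check_rule(rule):
    """Return findings for one inbound rule; the dict layout is an assumption."""
    findings = []
    if rule.get("protocol") not in PROTOCOLS:
        findings.append("protocol must be All, TCP, UDP, ICMP or GRE")
    port = rule.get("port")
    if port is not None:  # "N" or "LOW-HIGH", each end within 1..65535
        try:
            ends = [int(p) for p in str(port).split("-")]
            ok = len(ends) in (1, 2) and all(1 <= p <= 65535 for p in ends) and ends[0] <= ends[-1]
        except ValueError:
            ok = False
        if not ok:
            findings.append("port must be a port or range within 1-65535")
    source = rule.get("source", "")
    if not source.startswith("sg-"):  # otherwise a security group reference such as sg-abc
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append("source is not a valid IP address or CIDR block")
        else:
            # Type is only present when IPv6 is enabled, so it may be absent.
            if rule.get("type") not in (None, f"IPv{net.version}"):
                findings.append("type does not match the source address family")
            if net.prefixlen == 0:
                findings.append("source allows all IP addresses; restrict to specific addresses")
    desc = rule.get("description", "")
    if len(desc) > 255 or "<" in desc or ">" in desc:
        findings.append("description exceeds 255 characters or contains angle brackets")
    return findings

def check_group(rules):
    """Map rule index -> findings; key 'group' holds the rule-count finding."""
    report = {i: f for i, r in enumerate(rules) if (f := check_rule(r))}
    if len(rules) > MAX_RECOMMENDED_RULES:
        report["group"] = [f"{len(rules)} rules; at most {MAX_RECOMMENDED_RULES} recommended"]
    return report

# Constructed sample rules (not from the page); the port number is a placeholder.
SAMPLE = [
    {"protocol": "TCP", "port": "9042", "type": "IPv4", "source": "192.0.2.10/32", "description": "app server"},
    {"protocol": "TCP", "port": "9042", "type": "IPv4", "source": "0.0.0.0/0", "description": "open"},
    {"protocol": "TCP", "port": "0-70000", "type": "IPv4", "source": "sg-abc", "description": "<peer>"},
]
```

Calling `check_group(SAMPLE)` reports the second rule for its 0.0.0.0/0 source and the third for its out-of-range port and its description containing angle brackets.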