Help Center> Distributed Cache Service> FAQs> Security> Why Can't Security Groups Be Configured for DCS Redis 4.0/5.0/6.0 Basic Edition Instances?
Updated on 2024-05-20 GMT+08:00

Why Can't Security Groups Be Configured for DCS Redis 4.0/5.0/6.0 Basic Edition Instances?

Currently, DCS Redis 4.0/5.0/6.0 basic edition instances use VPC endpoints and do not support security groups.

To allow access only from specific IP addresses to a DCS Redis 4.0, 5.0, or 6.0 basic edition instance, add the IP addresses to the instance whitelist.

If no whitelists are added for the instance or the whitelist function is disabled, all IP addresses that can communicate with the VPC can access the instance.

Creating a Whitelist Group

  1. Log in to the DCS console.
  2. Click in the upper left corner of the management console and select the region where your instance is located.
  3. In the navigation pane, choose Cache Manager.
  4. Click the name of a DCS instance.
  5. Choose Instance Configuration > Whitelist. On the displayed page, click Create Whitelist Group.
  6. In the Create Whitelist Group dialogue box, specify Group Name and IP Address/Range.

    Table 1 Whitelist parameters

    Parameter

    Description

    Example

    Group Name

    Whitelist group name of the instance.

    A maximum of four whitelist groups can be created for each instance.

    DCS-test

    IP Address/Range

    A maximum of 20 IP addresses or IP address ranges can be added to an instance. Separate multiple IP addresses or IP address ranges with commas.

    Unsupported IP address and IP address range: 0.0.0.0 and 0.0.0.0/0.

    10.10.10.1,10.10.10.10

  7. Click OK.

    The whitelist function takes effect immediately after the whitelist group is created. Only whitelisted IP addresses can access the instance. For persistent connections, the whitelist takes effect after reconnection.

    • In the whitelist group list, click Edit to modify the IP addresses or IP address ranges in a group, and click Delete to delete a whitelist group.
    • After whitelist has been enabled, you can click Disable Whitelist above the whitelist group list to allow all IP addresses connected to the VPC to access the instance.

Security FAQs

more