How Do I Configure a VPC Security Group to Allow Network Communication?
a VPC on the current cloud is isolated from external networks for security reasons. You cannot use an EIP outside a VPC (for example, an EIP of another cloud database or an on-premise database) to access DB instances inside the VPC. However, the DRS instance in the current VPC must be able to communicate with the source and destination databases to migrate data. Therefore, you need to set inbound or outbound rules for the security groups associated with the source database, destination database, and DRS instance. Inbound rules allow external access to the instance associated with the security group, and outbound rules allow the instance associated with the security group to access instances outside the security group.
Generally, when you create a task for migrating data to the cloud, the DRS instance and the destination database are in the same VPC by default and can communicate with each other. In this case, configure the rules of security group associated with the source database in Configuring the Security Group Associated with the Source Database to allow traffic from the DRS instance IP address and the source database port, and configure the rules of the security group associated with the DRS instance (the destination database) in Configuring the Security Group Associated with the DRS Instance to allow traffic from the IP address and port of the source database.
Similarly, when you create a task for migrating data out of the cloud, the DRS instance and the source database are in the same VPC by default and can communicate with each other. In this case, configure the rules of security group associated with the destination database in Configuring the Security Group Associated with the Destination Database to allow traffic from the DRS instance IP address and the destination database port, and configure the rules of the security group associated with the DRS instance (the source database) in Configuring the Security Group Associated with the DRS Instance to allow traffic from the IP address and port of the destination database.
This section uses RDS for MySQL as the source and destination databases.
Configuring the Security Group Associated with the DRS Instance
The outbound rules of the security group associated with the DRS instance must allow traffic from the IP addresses and ports of the source and destination databases and allow the DRS instance to access databases outside the security group.
- In the DRS task list, click the target task name.
- In the Replication Instance Details area on the Basic Information page, click the security group.
- On the basic information page of the security group, click the Outbound Rules tab.
- Click Add Rule.
The outbound rules of the security group associated with the DRS instance must allow traffic from the IP addresses and ports of the source and destination databases. (Enter the IP addresses and ports of the destination and source databases.)
Configuring the Security Group Associated with the Destination Database
The inbound rules of the security group associated with the destination database must allow traffic from the DRS instance IP address and the destination database port and allow the DRS instance to access the destination database through the port.
- On the Instances page of RDS, click the target instance name.
- In the Connection Information area on the Basic Information page, click the security group.
- On the basic information page of the security group, click the Inbound Rules tab.
- Click Add Rule.
The inbound rules of the security group associated with the destination database must allow traffic from the DRS instance IP address and the destination database port. (Enter the IP address of the DRS instance and the port of the destination database.)
Configuring the Security Group Associated with the Source Database
The inbound rules of the security group associated with the source database must allow traffic from the DRS instance IP address and the source database port and allow the DRS instance to access the source database through the port.
- On the Instances page of RDS, click the target instance name.
- In the Connection Information area on the Basic Information page, click the security group.
- On the basic information page of the security group, click the Inbound Rules tab.
- Click Add Rule.
The inbound rules of the security group associated with the source database must allow traffic from the DRS instance IP address and the source database port. (Enter the IP address of the DRS instance and the port of the source database.)
Network and Security FAQs
- What Security Protection Policies Does DRS Have?
- What Can I Do If the Network Is Disconnected During the Migration?
- Which Database Accounts Are Required During Migration?
- How Do I Configure a VPC Security Group to Allow Network Communication?
- What Can I Do If the Network Connection Between the Replication Instance and Database Is Abnormal?
- How Can the Source and Destination Databases Communicate Across VPCs?
- What Is the EIP Bandwidth of DRS?
- Does DRS Support Cross-Account Cloud Database Migration?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore
