How Do I Select and Configure a Security Group?

Intra-VPC Access

1. Check whether the client and instance use the same security group.
   • If they use the same security group, check whether the security group has the default inbound rule that allows communication among ECSs within the security group and the default outbound rule that allows all outbound traffic. If these rules are available, you do not need to add more rules. If these rules are not available, add rules according to Table 1.

     Table 1 Security group rules

     Direction	Protocol	Port	Source	Description
     Inbound	TCP	9092	0.0.0.0/0	Accessing an instance within a VPC (with SSL encryption disabled)
     Inbound	TCP	9093	0.0.0.0/0	Accessing an instance within a VPC (with SSL encryption enabled)

   • If they use different security groups, go to 2.

2. Configure security group rules as follows.

   Assume that the security groups of the client and Kafka instance are sg-53d4 and Default_All, respectively. You can specify a security group or IP address as the destination in the following rule. A security group is used as an example.

   To ensure that your client can access the Kafka instance, add the following rule to the security group configured for the client:

   Table 2 Security group rule

   Direction	Action	Protocol & Port	Destination
   Outbound	Allow	All	Default_All

   Figure 1 Configuring a security group for the client
   

   To ensure that your client can access the Kafka instance, add the following rule to the security group configured for the instance.

   Table 3 Security group rule

   Direction	Action	Protocol & Port	Source
   Inbound	Allow	All	sg-53d4

   Figure 2 Configuring the security group for the Kafka instance
   

Cross-VPC and DNAT-based Instance Access

Configure security group rules according to Table 4.

Public Access

Configure security group rules according to Table 5.