Updated on 2025-11-14 GMT+08:00

Configuring Security Group Rules

Scenarios

A security group is a collection of access control rules for ECSs and TaurusDB for PostgreSQL instances that have the same security requirements and are mutually trusted within a VPC.

To ensure database security and reliability, you need to configure security group rules to allow only specific IP addresses and ports to access TaurusDB for PostgreSQL instances.

  • When you attempt to connect to a TaurusDB for PostgreSQL instance through a private network, check whether the ECS and the TaurusDB for PostgreSQL instance are in the same security group.
    • If yes, they can communicate with each other by default. No security group rules need to be configured.
    • If no, you need to configure security group rules for each of them separately.
      • TaurusDB for PostgreSQL instance: Configure an inbound rule for the security group associated with the TaurusDB for PostgreSQL instance.
      • ECS: The default security group rule allows all outbound data packets. In this case, you do not need to configure a security group rule for the ECS. If not all outbound traffic is allowed in the security group, you need to configure an outbound rule for the ECS to allow all outbound packets.

This section describes how to configure an inbound rule for a TaurusDB for PostgreSQL instance.

For details about the requirements of security group rules, see Adding a Security Group Rule in Virtual Private Cloud User Guide.

Precautions

The default security group rule allows all outbound data packets. ECSs and TaurusDB for PostgreSQL instances can access each other if they are deployed in the same security group. After a security group is created, you can configure security group rules to control access to and from TaurusDB for PostgreSQL instances associated with that security group.

  • By default, you can create up to 100 security groups in your cloud account.
  • By default, you can add up to 50 security group rules to a security group.
  • A security group can be associated with multiple TaurusDB for PostgreSQL instances.
  • Too many security group rules increase first-packet latency. You are advised to create no more than 50 rules for each security group.
  • To enable access to a TaurusDB for PostgreSQL instance from resources outside the security group, you need to configure an inbound rule for the security group associated with the TaurusDB for PostgreSQL instance.

To ensure data and instance security, grant permissions carefully. You are advised to grant the minimum access permission, change the default database port 5432, and set the accessible IP address to the remote server's address or to the smallest subnet that contains the remote server, which limits the access scope of the remote server.

The default value of Source is 0.0.0.0/0, indicating that all IP addresses can access the TaurusDB for PostgreSQL instance as long as they are associated with the same security group as the instance.
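
The following added example (not part of the original page and not Huawei Cloud code) audits a list of inbound rules against the advice above: a source of 0.0.0.0/0, an overly wide subnet or port range, the default port 5432, and more than 50 rules. The rule field names (action, ports, source) and the 256-address threshold are assumptions made for illustration, not the VPC API schema.

```python
import ipaddress

DB_PORT_DEFAULT = 5432   # default database port named on this page
MAX_RULES = 50           # per-group rule count the page advises staying within

def port_span(ports):
    """Parse '5432', '5000-6000' or 'all' into an inclusive (low, high) pair."""
    if ports.strip().lower() == "all":
        return 1, 65535
    low, _, high = ports.partition("-")
    return int(low), int(high or low)

def audit_inbound(rules, db_port, max_hosts=256):
    """Return findings for inbound rules that admit traffic to db_port.

    rules is a list of dicts with hypothetical keys action/ports/source;
    max_hosts is an assumed threshold for "subnet wider than needed".
    """
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules exceeds the advised {MAX_RULES}")
    if db_port == DB_PORT_DEFAULT:
        findings.append(f"instance still listens on default port {DB_PORT_DEFAULT}")
    for i, rule in enumerate(rules):
        low, high = port_span(rule["ports"])
        if rule["action"] != "allow" or not (low <= db_port <= high):
            continue  # this rule does not expose the database port
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.prefixlen == 0:
            findings.append(f"rule {i}: source {net} admits every address")
        elif net.num_addresses > max_hosts:
            findings.append(f"rule {i}: source {net} covers {net.num_addresses} addresses")
        if high > low:
            findings.append(f"rule {i}: port range {low}-{high} is wider than the database port")
    return findings

# Constructed sample rules; 192.0.2.0/24 is a documentation address range.
SAMPLE_RULES = [
    {"action": "allow", "ports": "5432", "source": "0.0.0.0/0"},
    {"action": "allow", "ports": "6000-7000", "source": "10.0.0.0/8"},
    {"action": "allow", "ports": "22", "source": "0.0.0.0/0"},
    {"action": "allow", "ports": "6432", "source": "192.0.2.10/32"},
]

if __name__ == "__main__":
    for line in audit_inbound(SAMPLE_RULES, db_port=6432):
        print(line)
```

Rules that do not cover the database port (such as the port 22 rule in the sample) are skipped, so the output lists only exposure of the instance itself.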

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region.
  3. Click in the upper left corner of the page and choose Databases > TaurusDB.
  4. On the Instances page, click the instance name to go to the Basic Information page.
  5. In the Network Information area, click the security group name under Security Group.

    Figure 1 Security Group

  6. On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters and click OK.

    To add more inbound rules, click .