Updated on 2022-02-22 GMT+08:00

Setting a Security Group

Scenarios

This section guides you on how to add a security group rule to control access from and to DDS DB instances in a security group. The following describes how to set security groups.

Precautions

The default security group rule allows all outgoing data packets. ECSs and DDS DB instances in the same security group can access each other. After a security group is created, you can create different rules for that security group, which allows you to control access to the DB instances that are in it.

To access a DB instance in a security group from a source outside of that group, you need to create an inbound rule.

For details about the constraints on the using security groups, see "Security Group Overview" in the Virtual Private Cloud User Guide.

Procedure

  1. Log in to the management console.
  2. Under Network, click Virtual Private Cloud.
  3. In the navigation pane on the left, choose Access Control > Security Groups.
  4. On the Security Group page, locate the target security group and click Manage Rule in the Operation column.
  5. On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters to add an inbound rule. On the Outbound Rules tab, click Add Rule. In the displayed Add Outbound Rule dialog box, set required parameters to add outbound rules.

    You can click to add more rules.

  6. Add a security group rule as prompted.

    Table 1 Inbound rule parameters

    Parameter

    Description

    Value Example

    Protocol & Port

    The network protocol required for access. You can allow all protocols or specify a specific protocol, TCP, UDP, ICMP, and SSH.

    TCP

    Type

    Specifies the IP address type. This parameter is available after the IPv6 function is enabled.

    • IPv4
    • IPv6

    IPv4

    Source/Destination

    Specifies the supported IP address and security group that the rule applies to.

    • IP address: The IP address or subnet that the rule applies to. Single IP addresses must be expressed using slash notation.
      • Single IP address: xxx.xxx.xxx.xxx/32 (IPv4)
      • Subnet: xxx.xxx.xxx.0/24
      • All IP addresses: 0.0.0.0/0
    • Security group: A security group that access will be allowed from. ECSs in this security group will be granted access to DDS instance in the current security group.
    • 192.168.10.0/24
    • default

    Description

    (Optional) Provides supplementary information about the security group rule. This parameter is optional.

    The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    test

  7. Click OK.